ae7d5973d7daaa7dec7f06af80b97b5927b44521ed4aa3fe2b75d98ecd9a9a80 (SHA256)
zOTcI.exe
Windows Exe (x86-64)
Created at 2019-02-09 09:06:00
Notifications (2/4)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "40 minutes, 50 seconds" to "10 minutes" to reveal dormant functionality.
Monitored Processes
Behavior Information - Sequential View
Process #1: zotci.exe
65271
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\zotci.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\zOTcI.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:51 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf08 |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F0C
0x
F10
0x
F24
0x
F28
0x
F34
0x
F3C
0x
F40
0x
F58
0x
F5C
0x
F84
0x
FC4
0x
E1C
0x
820
0x
EF0
0x
EF4
0x
F04
0x
EEC
0x
ED0
0x
EC0
0x
924
0x
4F0
0x
148
0x
870
0x
61C
0x
2E4
0x
CE0
0x
CE4
0x
85C
0x
88C
0x
798
0x
81C
0x
550
0x
554
0x
790
0x
E64
0x
E74
0x
E6C
0x
E68
0x
3C0
0x
F20
0x
F60
0x
F28
0x
764
0x
628
0x
F64
0x
F54
0x
F48
0x
F70
0x
F84
0x
F80
0x
FC8
0x
FBC
0x
F50
0x
FDC
0x
FE0
0x
FE4
0x
FC4
0x
FFC
0x
FD4
0x
F98
0x
114
0x
C6C
0x
C08
0x
C24
0x
200
0x
F44
0x
718
0x
AE4
0x
230
0x
CEC
0x
C7C
0x
FF0
0x
D18
0x
F38
0x
C2C
0x
4F8
0x
E9C
0x
E94
0x
E60
0x
E8C
0x
E90
0x
E98
0x
EA8
0x
EAC
0x
EB0
0x
E70
0x
C64
0x
434
0x
D10
0x
F14
0x
530
0x
470
0x
CB8
0x
620
0x
A44
0x
D14
0x
224
0x
320
0x
BF8
0x
C5C
0x
CC8
0x
FEC
0x
E5C
0x
538
0x
B18
0x
518
0x
F94
0x
274
0x
DCC
0x
DD0
0x
304
0x
7C0
0x
788
0x
63C
0x
728
0x
128
0x
5B8
0x
248
0x
CF8
0x
7FC
0x
C38
0x
774
0x
D38
0x
F90
0x
7AC
0x
7B0
0x
7C8
0x
490
0x
770
0x
76C
0x
7CC
0x
968
0x
7BC
0x
46C
0x
C34
0x
950
0x
1A4
0x
D40
0x
C44
0x
CC4
0x
FB4
0x
C58
0x
FCC
0x
C54
0x
FB0
0x
FF4
0x
FC0
0x
FB8
0x
5E4
0x
580
0x
578
0x
5CC
0x
5D8
0x
334
0x
B74
0x
DBC
0x
E1C
0x
EB8
0x
AEC
0x
510
0x
E20
0x
DDC
0x
90C
0x
A10
0x
DE0
0x
E28
0x
F00
0x
9B8
0x
B90
0x
BA4
0x
9B4
0x
8E0
0x
B60
0x
92C
0x
84C
0x
8D4
0x
958
0x
BA8
0x
B70
0x
BAC
0x
EB4
0x
C40
0x
C4C
0x
C04
0x
C30
0x
C50
0x
C84
0x
A70
0x
C10
0x
F9C
0x
754
0x
C70
0x
8BC
0x
3DC
0x
A8C
0x
A50
0x
ACC
0x
54C
0x
B3C
0x
418
0x
910
0x
C1C
0x
C18
0x
820
0x
ED4
0x
E0C
0x
DE4
0x
EE8
0x
DE8
0x
EF8
0x
E08
0x
DF4
0x
784
0x
D34
0x
DEC
0x
EFC
0x
DF0
0x
E14
0x
E10
0x
E34
0x
900
0x
E54
0x
ED8
0x
E24
0x
E40
0x
E48
0x
E38
0x
EF4
0x
EE4
0x
E80
0x
E84
0x
ECC
0x
EBC
0x
E78
0x
5BC
0x
EC4
0x
E7C
0x
EC8
0x
C60
0x
C48
0x
C68
0x
CB4
0x
CB0
0x
C80
0x
CC0
0x
C3C
0x
D10
0x
FA8
0x
318
0x
F2C
0x
34C
0x
320
0x
F78
0x
CD4
0x
AE8
0x
F8C
0x
D58
0x
C28
0x
CBC
0x
338
0x
F4C
0x
AD8
0x
A58
0x
404
0x
DB4
0x
F7C
0x
7C4
0x
36C
0x
56C
0x
FF8
0x
B84
0x
DC4
0x
648
0x
E30
0x
E44
0x
C78
0x
AC4
0x
5C0
0x
FAC
0x
EDC
0x
9F4
0x
9F8
0x
A00
0x
A24
0x
A14
0x
A40
0x
CD8
0x
B08
0x
8C0
0x
A0C
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10D0
0x
10D4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1154
0x
1158
0x
115C
0x
1160
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D0
0x
11D4
0x
11D8
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
1220
0x
1224
0x
1228
0x
122C
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
0x
1304
0x
1308
0x
130C
0x
1310
0x
1314
0x
1318
0x
131C
0x
1320
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
1338
0x
133C
0x
1340
0x
1344
0x
1348
0x
134C
0x
1350
0x
1354
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
137C
0x
1380
0x
1384
0x
1388
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E4
0x
13E8
0x
13EC
0x
13F0
0x
13F4
0x
13F8
0x
13FC
0x
10A0
0x
10B0
0x
75C
0x
D30
0x
D24
0x
10F0
0x
10E8
0x
10C8
0x
10CC
0x
10C4
0x
10D8
0x
10A8
0x
E04
0x
10B8
0x
10C0
0x
10A4
0x
10BC
0x
10B4
0x
1178
0x
10E0
0x
1170
0x
116C
0x
10DC
0x
1168
0x
10F4
0x
10E4
0x
1180
0x
117C
0x
1240
0x
1230
0x
121C
0x
1250
0x
D00
0x
EA0
0x
FE8
0x
A90
0x
127C
0x
1278
0x
1284
0x
1280
0x
128C
0x
1288
0x
1388
0x
1398
0x
13B0
0x
1404
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1434
0x
1438
0x
143C
0x
1440
0x
1444
0x
144C
0x
147C
0x
1480
0x
1484
0x
1488
0x
148C
0x
1490
0x
1494
0x
149C
0x
14A0
0x
14A4
0x
14A8
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14C4
0x
14C8
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1504
0x
1508
0x
150C
0x
1510
0x
1514
0x
1518
0x
151C
0x
1520
0x
1524
0x
1528
0x
152C
0x
1530
0x
1534
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1550
0x
1554
0x
1558
0x
155C
0x
1560
0x
1564
0x
1568
0x
156C
0x
1570
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
15A4
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1604
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
165C
0x
1660
0x
1664
0x
1668
0x
166C
0x
1670
0x
1674
0x
1678
0x
167C
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1694
0x
1698
0x
169C
0x
16A0
0x
16A4
0x
16A8
0x
16AC
0x
16B0
0x
16B4
0x
16B8
0x
16BC
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16DC
0x
16E0
0x
16E4
0x
16E8
0x
16EC
0x
16F0
0x
16F4
0x
16F8
0x
16FC
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
171C
0x
1720
0x
1724
0x
1730
0x
1734
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1754
0x
1758
0x
175C
0x
1760
0x
1764
0x
1768
0x
176C
0x
1770
0x
1774
0x
1778
0x
177C
0x
1780
0x
1784
0x
1788
0x
1790
0x
1794
0x
1798
0x
179C
0x
17A0
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17E4
0x
17E8
0x
17EC
0x
17F0
0x
17F4
0x
17F8
0x
1164
0x
1390
0x
13AC
0x
10D0
0x
138C
0x
13B4
0x
13A0
0x
CE8
0x
2F4
0x
144C
0x
145C
0x
548
0x
F88
0x
68C
0x
1474
0x
1478
0x
1454
0x
1464
0x
146C
0x
1450
0x
1468
0x
1460
0x
1458
0x
1394
0x
10AC
0x
D4C
0x
D3C
0x
F18
0x
234
0x
D0
0x
C88
0x
F1C
0x
FA4
0x
528
0x
610
0x
C74
0x
17B4
0x
17D0
0x
17D8
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
1870
0x
1874
0x
1878
0x
187C
0x
1880
0x
1884
0x
1888
0x
188C
0x
1898
0x
189C
0x
18A0
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18CC
0x
18D0
0x
18D4
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
18F8
0x
18FC
0x
1900
0x
1904
0x
1910
0x
1914
0x
1918
0x
191C
0x
1920
0x
1924
0x
1928
0x
192C
0x
1930
0x
1934
0x
1938
0x
193C
0x
1940
0x
1954
0x
1958
0x
195C
0x
1960
0x
1964
0x
1970
0x
1974
0x
1978
0x
1980
0x
1984
0x
198C
0x
1990
0x
1994
0x
19A0
0x
19A4
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19F0
0x
19F4
0x
19F8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A4C
0x
1A50
0x
1A54
0x
1A58
0x
1A5C
0x
1A60
0x
1A64
0x
1A68
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A8C
0x
1A90
0x
1A94
0x
1A98
0x
1A9C
0x
1AA0
0x
1AA4
0x
1AA8
0x
1AC8
0x
1ACC
0x
1AD0
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE4
0x
1AE8
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B0C
0x
1B10
0x
1B14
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B34
0x
1B38
0x
1B3C
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BBC
0x
1BC0
0x
1BC4
0x
1BCC
0x
1BD0
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
1BE4
0x
1BE8
0x
1BEC
0x
1BF0
0x
1BF4
0x
1BF8
0x
1BFC
0x
1904
0x
190C
0x
18C8
0x
1950
0x
DC8
0x
DD8
0x
197C
0x
1894
0x
1908
0x
17CC
0x
17FC
0x
186C
0x
1174
0x
17E0
0x
19C8
0x
19CC
0x
19C4
0x
1948
0x
196C
0x
19A8
0x
1944
0x
1988
0x
1968
0x
19EC
0x
19E8
0x
874
0x
1A30
0x
194C
0x
1890
0x
17D4
0x
17C8
0x
1A20
0x
1AAC
0x
1AB4
0x
1B00
0x
1ABC
0x
1A70
0x
1B04
0x
1A6C
0x
1AC4
0x
1AB8
0x
EE0
0x
208
0x
1FC
0x
1AB0
0x
2C0
0x
558
0x
520
0x
29C
0x
264
0x
928
0x
300
0x
6B0
0x
734
0x
140
0x
864
0x
A68
0x
5EC
0x
634
0x
6FC
0x
834
0x
830
0x
43C
0x
14C
0x
7A8
0x
FC
0x
6B8
0x
4F4
0x
48C
0x
5FC
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C18
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C54
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C70
0x
1C74
0x
1C78
0x
1C7C
0x
1C80
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1CA0
0x
1CA4
0x
1CA8
0x
1CAC
0x
1CB0
0x
1CB4
0x
1CB8
0x
1CBC
0x
1CC0
0x
1CC4
0x
1CC8
0x
1CCC
0x
1CD0
0x
1CD4
0x
1CD8
0x
1CDC
0x
1CE0
0x
1CE4
0x
1CE8
0x
1CEC
0x
1CF0
0x
1CF4
0x
1CF8
0x
1CFC
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D28
0x
1D2C
0x
1D30
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D54
0x
1D58
0x
1D5C
0x
1D60
0x
1D64
0x
1D6C
0x
1D70
0x
1D74
0x
1D78
0x
1D7C
0x
1D84
0x
1D88
0x
1D8C
0x
1D90
0x
1D94
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DB8
0x
1DBC
0x
1DC0
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E08
0x
1E0C
0x
1E10
0x
1E14
0x
1E18
0x
1E1C
0x
1E20
0x
1E24
0x
1E28
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E50
0x
1E54
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E70
0x
1E7C
0x
1E80
0x
1E84
0x
1E88
0x
1E8C
0x
1E90
0x
1E94
0x
1E98
0x
1E9C
0x
1EA0
0x
1EA4
0x
1EA8
0x
1EAC
0x
1EB0
0x
1EB4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1ED8
0x
1EDC
0x
1EE0
0x
1EE4
0x
1EE8
0x
1EEC
0x
1F04
0x
1F08
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F2C
0x
1F30
0x
1F34
0x
1F38
0x
1F3C
0x
1F40
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F58
0x
1F5C
0x
1F60
0x
1F68
0x
1F6C
0x
1F70
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F90
0x
1F94
0x
1F98
0x
1F9C
0x
1FA0
0x
1FA4
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FB4
0x
1FC0
0x
1FC4
0x
1FC8
0x
1FCC
0x
1FD0
0x
1FD4
0x
1FD8
0x
1FDC
0x
1FE0
0x
1FE4
0x
1FE8
0x
1FF4
0x
1FF8
0x
1FFC
0x
DFC
0x
17C4
0x
5F0
0x
91C
0x
17C0
0x
172C
0x
17B8
0x
17DC
0x
178C
0x
1728
0x
464
0x
440
0x
E4C
0x
AB4
0x
EC
0x
454
0x
508
0x
1EF4
0x
1D98
0x
1E78
0x
424
0x
1E58
0x
45C
0x
1EF0
0x
1E74
0x
420
0x
1F28
0x
1F20
0x
1FBC
0x
2004
0x
2008
0x
200C
0x
2010
0x
2018
0x
201C
0x
2020
0x
2024
0x
202C
0x
2030
0x
2034
0x
2038
0x
203C
0x
2040
0x
2044
0x
2048
0x
204C
0x
2050
0x
2098
0x
209C
0x
20A0
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20CC
0x
20D0
0x
20D4
0x
20D8
0x
20DC
0x
20E0
0x
20E4
0x
20E8
0x
20EC
0x
20F0
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
2128
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
2160
0x
2164
0x
2168
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
2180
0x
2184
0x
2188
0x
218C
0x
2190
0x
2194
0x
2198
0x
219C
0x
21A0
0x
21A4
0x
21A8
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
21E8
0x
21EC
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
224C
0x
2250
0x
2254
0x
2258
0x
225C
0x
2260
0x
2264
0x
2268
0x
226C
0x
2270
0x
2274
0x
2278
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
2298
0x
229C
0x
22A0
0x
22A4
0x
22A8
0x
22AC
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22D8
0x
22DC
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
22F8
0x
22FC
0x
2300
0x
2304
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2324
0x
2328
0x
232C
0x
2330
0x
2334
0x
2338
0x
233C
0x
2340
0x
2344
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
235C
0x
2360
0x
2364
0x
2368
0x
236C
0x
2370
0x
2374
0x
2378
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A4
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
23FC
0x
1498
0x
13A8
0x
858
0x
1298
0x
13A4
0x
1E4C
0x
129C
0x
1294
0x
11B8
0x
2074
0x
123C
0x
205C
0x
2064
0x
2058
0x
1190
0x
1234
0x
1238
0x
1C6C
0x
1E48
0x
119C
0x
118C
0x
207C
0x
2014
0x
1F64
0x
DB0
0x
CA8
0x
CDC
0x
2068
0x
1EF8
0x
17BC
0x
1F44
0x
1F24
0x
2070
0x
2078
0x
1F8C
0x
206C
0x
15C
0x
2060
0x
1F88
0x
2054
0x
2028
0x
1FEC
0x
1FB8
0x
9E8
0x
A88
0x
A18
0x
9FC
0x
A20
0x
808
0x
A1C
0x
A30
0x
9F0
0x
A04
0x
AC0
0x
AF0
0x
AF8
0x
AFC
0x
B04
0x
B14
0x
B28
0x
1184
0x
A08
0x
B00
0x
2084
0x
2080
0x
A98
0x
13E0
0x
124C
0x
1198
0x
1244
0x
1248
0x
1C98
0x
1E6C
0x
11A0
0x
1194
0x
40
0x
52C
0x
C8C
0x
CAC
0x
C90
0x
2CC
0x
208C
0x
278
0x
368
0x
1E44
0x
1E40
0x
1D38
0x
1D80
0x
1E3C
0x
1F00
0x
1D68
0x
DA8
0x
23F0
0x
DAC
0x
DA4
0x
DA0
0x
D9C
0x
D98
0x
D94
0x
D90
0x
D8C
0x
D88
0x
D84
0x
D80
0x
9FC
0x
D7C
0x
D78
0x
AA8
0x
D74
0x
D70
0x
D6C
0x
D68
0x
D64
0x
D5C
0x
D60
0x
2404
0x
2408
0x
240C
0x
2410
0x
2414
0x
2418
0x
241C
0x
2420
0x
2424
0x
2430
0x
2434
0x
2438
0x
243C
0x
2440
0x
2444
0x
2448
0x
244C
0x
2450
0x
2454
0x
2458
0x
245C
0x
2464
0x
2468
0x
246C
0x
2470
0x
2474
0x
2478
0x
247C
0x
2480
0x
2484
0x
2488
0x
248C
0x
2490
0x
2494
0x
2498
0x
249C
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B4
0x
24B8
0x
24BC
0x
24C0
0x
24C4
0x
24C8
0x
24CC
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
2508
0x
250C
0x
2510
0x
2514
0x
251C
0x
2520
0x
2524
0x
2528
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2558
0x
255C
0x
2560
0x
2564
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
2588
0x
258C
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
25BC
0x
25C0
0x
25C4
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2638
0x
263C
0x
2640
0x
2644
0x
2648
0x
264C
0x
2650
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
2668
0x
266C
0x
2670
0x
2674
0x
2678
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
0x
273C
0x
2740
0x
2744
0x
2748
0x
274C
0x
2750
0x
2754
0x
2758
0x
275C
0x
2760
0x
2764
0x
2768
0x
276C
0x
2770
0x
2774
0x
2778
0x
277C
0x
2780
0x
2784
0x
2788
0x
278C
0x
2790
0x
2794
0x
2798
0x
279C
0x
27A0
0x
27A4
0x
27A8
0x
27AC
0x
27B0
0x
27B4
0x
27B8
0x
27BC
0x
27C0
0x
27C4
0x
27C8
0x
27CC
0x
27D0
0x
27D4
0x
27D8
0x
27DC
0x
27E0
0x
27E4
0x
27E8
0x
27EC
0x
27F0
0x
27F4
0x
27F8
0x
27FC
0x
1D34
0x
D54
0x
524
0x
C14
0x
E00
0x
618
0x
2460
0x
2C8
0x
8D0
0x
D50
0x
2518
0x
242C
0x
1C9C
0x
2428
0x
A28
0x
2090
0x
139C
0x
AB8
0x
CF0
0x
2554
0x
1EFC
0x
2590
0x
AA0
0x
ABC
0x
2550
0x
24A0
0x
CF4
0x
A9C
0x
AAC
0x
AA4
0x
2804
0x
2808
0x
280C
0x
2810
0x
2814
0x
2818
0x
281C
0x
2820
0x
2824
0x
2828
0x
282C
0x
2830
0x
2834
0x
2838
0x
283C
0x
2840
0x
2844
0x
2848
0x
284C
0x
2850
0x
2854
0x
2858
0x
285C
0x
2860
0x
2864
0x
2868
0x
286C
0x
2870
0x
2874
0x
2878
0x
287C
0x
2880
0x
2884
0x
2888
0x
288C
0x
2890
0x
2894
0x
2898
0x
289C
0x
28A0
0x
28A4
0x
28A8
0x
28AC
0x
28B0
0x
28B4
0x
28B8
0x
28BC
0x
28C0
0x
28C4
0x
28C8
0x
28CC
0x
28D0
0x
28D4
0x
28D8
0x
28DC
0x
28E0
0x
28E4
0x
28E8
0x
28EC
0x
28F0
0x
28F4
0x
28F8
0x
28FC
0x
2900
0x
2904
0x
2908
0x
290C
0x
2910
0x
2914
0x
2918
0x
291C
0x
2920
0x
2924
0x
2928
0x
292C
0x
2930
0x
2934
0x
2938
0x
293C
0x
2940
0x
2944
0x
2948
0x
294C
0x
2950
0x
2954
0x
2958
0x
295C
0x
2960
0x
2964
0x
2968
0x
296C
0x
2970
0x
2974
0x
2978
0x
297C
0x
2980
0x
2984
0x
2988
0x
298C
0x
2990
0x
2994
0x
2998
0x
299C
0x
29A0
0x
29A4
0x
29A8
0x
29AC
0x
29B0
0x
29B4
0x
29B8
0x
29BC
0x
29C0
0x
29C4
0x
29C8
0x
29CC
0x
29D0
0x
29DC
0x
29E0
0x
29E4
0x
29E8
0x
29EC
0x
29F0
0x
29F4
0x
2A00
0x
2A04
0x
2A08
0x
2A0C
0x
2A10
0x
2A14
0x
2A18
0x
2A1C
0x
2A20
0x
2A24
0x
2A28
0x
2A2C
0x
2A30
0x
2A34
0x
2A38
0x
2A3C
0x
2A40
0x
2A44
0x
2A48
0x
2A4C
0x
2A50
0x
2A54
0x
2A60
0x
2A64
0x
2A68
0x
2A6C
0x
2A70
0x
2A74
0x
2A78
0x
2A7C
0x
2A80
0x
2A84
0x
2A88
0x
2A8C
0x
2A94
0x
2AA0
0x
2AA4
0x
2AA8
0x
2AAC
0x
2AB0
0x
2AB4
0x
2AB8
0x
2ABC
0x
2AC8
0x
2ACC
0x
2AD0
0x
2AD4
0x
2AD8
0x
2ADC
0x
2AE0
0x
2AE4
0x
2AE8
0x
2AEC
0x
2AF0
0x
2AF4
0x
2AF8
0x
2B00
0x
2B04
0x
2B08
0x
2B0C
0x
2B10
0x
2B14
0x
2B18
0x
2B1C
0x
2B20
0x
2B24
0x
2B28
0x
2B2C
0x
2B30
0x
2B38
0x
2B3C
0x
2B40
0x
2B44
0x
2B48
0x
2B4C
0x
2B50
0x
2B54
0x
2B58
0x
2B5C
0x
2B60
0x
2B64
0x
2B6C
0x
2B70
0x
2B74
0x
2B78
0x
2B7C
0x
2B80
0x
2B84
0x
2B88
0x
2B8C
0x
2B90
0x
2B94
0x
2B98
0x
2B9C
0x
2BA0
0x
2BA4
0x
2BA8
0x
2BAC
0x
2BB0
0x
2BB4
0x
2BB8
0x
2BBC
0x
2BC0
0x
2BC4
0x
2BC8
0x
2BCC
0x
2BD0
0x
2BD4
0x
2BDC
0x
2BE0
0x
2BE4
0x
2BE8
0x
2BEC
0x
2BF0
0x
2BF4
0x
2BF8
0x
2BFC
0x
E88
0x
28EC
0x
29FC
0x
2AC4
0x
2C04
0x
2C1C
0x
2C20
0x
2C24
0x
2C28
0x
2C2C
0x
2C30
0x
2C34
0x
2C38
0x
2C3C
0x
2C40
0x
2C44
0x
2C48
0x
2C4C
0x
2C50
0x
2C54
0x
2C58
0x
2C5C
0x
2C60
0x
2C64
0x
2C68
0x
2C6C
0x
2C70
0x
2C74
0x
2C78
0x
2C7C
0x
2C80
0x
2C84
0x
2C88
0x
2C8C
0x
2C90
0x
2C94
0x
2C98
0x
2C9C
0x
2CA0
0x
2CA4
0x
2CA8
0x
2CAC
0x
2CB0
0x
2CB4
0x
2CB8
0x
2CBC
0x
2CC0
0x
2CC4
0x
2CC8
0x
2CCC
0x
2CD0
0x
2CD4
0x
2CD8
0x
2CDC
0x
2CE0
0x
2CE4
0x
2CE8
0x
2CEC
0x
2CF0
0x
2CF4
0x
2CF8
0x
2CFC
0x
2D00
0x
2D04
0x
2D08
0x
2D0C
0x
2D10
0x
2D14
0x
2D18
0x
2D1C
0x
2D20
0x
2D24
0x
2D28
0x
2D2C
0x
2D30
0x
2D34
0x
2D38
0x
2D3C
0x
2D40
0x
2D44
0x
2D48
0x
2D4C
0x
2D50
0x
2D54
0x
2D58
0x
2D5C
0x
2D60
0x
2D64
0x
2D68
0x
2D6C
0x
2D70
0x
2D74
0x
2D78
0x
2D7C
0x
2D80
0x
2D84
0x
2D88
0x
2D8C
0x
2D90
0x
2D94
0x
2D98
0x
2D9C
0x
2DA0
0x
2DA4
0x
2DA8
0x
2DAC
0x
2DB0
0x
2DB4
0x
2DB8
0x
2DBC
0x
2DC0
0x
2DC4
0x
2DC8
0x
2DCC
0x
2DD0
0x
2DD4
0x
2DD8
0x
2DDC
0x
2DE0
0x
2DE4
0x
2DE8
0x
2DEC
0x
2DF0
0x
2DF4
0x
2DF8
0x
2DFC
0x
2E00
0x
2E04
0x
2E08
0x
2E0C
0x
2E10
0x
2E14
0x
2E18
0x
2E1C
0x
2E20
0x
2E24
0x
2E28
0x
2E2C
0x
2E30
0x
2E34
0x
2E38
0x
2E3C
0x
2E40
0x
2E44
0x
2E48
0x
2E4C
0x
2E50
0x
2E54
0x
2E58
0x
2E5C
0x
2E60
0x
2E64
0x
2E68
0x
2E6C
0x
2E70
0x
2E74
0x
2E78
0x
2E7C
0x
2E80
0x
2E84
0x
2E88
0x
2E8C
0x
2E90
0x
2E94
0x
2E98
0x
2E9C
0x
2EA0
0x
2EA4
0x
2EA8
0x
2EAC
0x
2EB0
0x
2EB4
0x
2EB8
0x
2EBC
0x
2EC0
0x
2EC4
0x
2EC8
0x
2ECC
0x
2ED0
0x
2ED4
0x
2ED8
0x
2EDC
0x
2EE0
0x
2EE4
0x
2EE8
0x
2EEC
0x
2EF0
0x
2EF4
0x
2EF8
0x
2EFC
0x
2F00
0x
2F04
0x
2F08
0x
2F0C
0x
2F10
0x
2F14
0x
2F18
0x
2F1C
0x
2F20
0x
2F24
0x
2F28
0x
2F2C
0x
2F30
0x
2F34
0x
2F38
0x
2F3C
0x
2F40
0x
2F44
0x
2F48
0x
2F4C
0x
2F50
0x
2F54
0x
2F58
0x
2F5C
0x
2F60
0x
2F64
0x
2F68
0x
2F6C
0x
2F70
0x
2F74
0x
2F78
0x
2F7C
0x
2F80
0x
2F84
0x
2F88
0x
2F8C
0x
2F90
0x
2F94
0x
2F98
0x
2F9C
0x
2FA0
0x
2FA4
0x
2FA8
0x
2FAC
0x
2FB0
0x
2FB4
0x
2FB8
0x
2FBC
0x
2FC0
0x
2FC4
0x
2FC8
0x
2FCC
0x
2FD0
0x
2FD4
0x
2FD8
0x
2FDC
0x
2FE0
0x
2FE4
0x
2FE8
0x
2FEC
0x
2FF0
0x
2FF4
0x
2FF8
0x
2FFC
0x
1AC0
0x
2C0C
0x
29D8
0x
2A60
0x
2A5C
0x
2B68
0x
29D4
0x
2C14
0x
2C18
0x
2C10
0x
2A90
0x
2A58
0x
2A9C
0x
29F8
0x
2B34
0x
2C08
0x
2A98
0x
2BD8
0x
2AFC
0x
2AC0
0x
3004
0x
3008
0x
300C
0x
3010
0x
3014
0x
3018
0x
301C
0x
3020
0x
3024
0x
3028
0x
302C
0x
3030
0x
3034
0x
3038
0x
303C
0x
3040
0x
3044
0x
3048
0x
304C
0x
3050
0x
3054
0x
3058
0x
305C
0x
3060
0x
3064
0x
3068
0x
306C
0x
3070
0x
3074
0x
3078
0x
307C
0x
3080
0x
3084
0x
3088
0x
308C
0x
3090
0x
3094
0x
3098
0x
309C
0x
30A0
0x
30A4
0x
30A8
0x
30AC
0x
30B0
0x
30B4
0x
30B8
0x
30BC
0x
30C0
0x
30C4
0x
30C8
0x
30CC
0x
30D0
0x
30D4
0x
30D8
0x
30DC
0x
30E0
0x
30E4
0x
30E8
0x
30EC
0x
30F0
0x
30F4
0x
30F8
0x
30FC
0x
3100
0x
3104
0x
3108
0x
310C
0x
3110
0x
3114
0x
3118
0x
311C
0x
3120
0x
3124
0x
3128
0x
312C
0x
3130
0x
3134
0x
3138
0x
313C
0x
3140
0x
3144
0x
3148
0x
314C
0x
3150
0x
3154
0x
3158
0x
315C
0x
3160
0x
3164
0x
3168
0x
316C
0x
3170
0x
3174
0x
3178
0x
317C
0x
3180
0x
3184
0x
3188
0x
318C
0x
3190
0x
3194
0x
3198
0x
319C
0x
31A0
0x
31A4
0x
31A8
0x
31AC
0x
31B0
0x
31B4
0x
31B8
0x
31BC
0x
31C0
0x
31C4
0x
31C8
0x
31CC
0x
31D0
0x
31D4
0x
31D8
0x
31DC
0x
31E0
0x
31E4
0x
31E8
0x
31EC
0x
31F0
0x
31F4
0x
31F8
0x
31FC
0x
3200
0x
3204
0x
3208
0x
320C
0x
3210
0x
3214
0x
3218
0x
321C
0x
3220
0x
3224
0x
3228
0x
322C
0x
3230
0x
3234
0x
3238
0x
323C
0x
3240
0x
3244
0x
3248
0x
324C
0x
3250
0x
3254
0x
3258
0x
325C
0x
3260
0x
3264
0x
3268
0x
326C
0x
3270
0x
3274
0x
3278
0x
327C
0x
3280
0x
3284
0x
3288
0x
328C
0x
3290
0x
3294
0x
3298
0x
329C
0x
32A0
0x
32A4
0x
32A8
0x
32AC
0x
32B0
0x
32B4
0x
32B8
0x
32BC
0x
32C0
0x
32C4
0x
32C8
0x
32CC
0x
32D0
0x
32D4
0x
32D8
0x
32DC
0x
32E0
0x
32E4
0x
32E8
0x
32EC
0x
32F0
0x
32F4
0x
32F8
0x
32FC
0x
3300
0x
3304
0x
3308
0x
330C
0x
3310
0x
3314
0x
3318
0x
331C
0x
3320
0x
3324
0x
3328
0x
332C
0x
3330
0x
3334
0x
3338
0x
333C
0x
3340
0x
3344
0x
3348
0x
334C
0x
3350
0x
3354
0x
3358
0x
335C
0x
3360
0x
3364
0x
3368
0x
336C
0x
3370
0x
3374
0x
3378
0x
337C
0x
3380
0x
3384
0x
3388
0x
338C
0x
3390
0x
3394
0x
3398
0x
339C
0x
33A0
0x
33A4
0x
33A8
0x
33AC
0x
33B0
0x
33B4
0x
33B8
0x
33BC
0x
33C0
0x
33C4
0x
33C8
0x
33CC
0x
33D0
0x
33D4
0x
33D8
0x
33DC
0x
33E0
0x
33E4
0x
33E8
0x
33EC
0x
33F0
0x
33F4
0x
3404
0x
3408
0x
340C
0x
3410
0x
3414
0x
3418
0x
341C
0x
3428
0x
342C
0x
3430
0x
3434
0x
343C
0x
3440
0x
3444
0x
3448
0x
344C
0x
3450
0x
3454
0x
3458
0x
345C
0x
3460
0x
3464
0x
346C
0x
3470
0x
3474
0x
3478
0x
347C
0x
3480
0x
3484
0x
3488
0x
348C
0x
3490
0x
3494
0x
3498
0x
349C
0x
34A0
0x
34A4
0x
34A8
0x
34AC
0x
34B0
0x
34B4
0x
34B8
0x
34BC
0x
34C0
0x
34C4
0x
34C8
0x
34CC
0x
34D0
0x
34D4
0x
34D8
0x
34DC
0x
34E0
0x
34E4
0x
34E8
0x
34EC
0x
34F0
0x
34F4
0x
34F8
0x
34FC
0x
3500
0x
3504
0x
3508
0x
350C
0x
3510
0x
3514
0x
3518
0x
351C
0x
3520
0x
3524
0x
3528
0x
352C
0x
3530
0x
3534
0x
3538
0x
353C
0x
3540
0x
3544
0x
3548
0x
354C
0x
3550
0x
3554
0x
3558
0x
355C
0x
3560
0x
3564
0x
3568
0x
356C
0x
3570
0x
3574
0x
3578
0x
357C
0x
3580
0x
3584
0x
3588
0x
358C
0x
3590
0x
3594
0x
3598
0x
359C
0x
35A0
0x
35A4
0x
35A8
0x
35AC
0x
35B0
0x
35B4
0x
35B8
0x
35BC
0x
35C0
0x
35C4
0x
35C8
0x
35CC
0x
35D0
0x
35D4
0x
35D8
0x
35DC
0x
35E8
0x
35EC
0x
35F0
0x
35F4
0x
35F8
0x
35FC
0x
3600
0x
3604
0x
3608
0x
360C
0x
3610
0x
3614
0x
3618
0x
3628
0x
362C
0x
3630
0x
3634
0x
3638
0x
363C
0x
3640
0x
3644
0x
364C
0x
3650
0x
3654
0x
3658
0x
365C
0x
3660
0x
3664
0x
3668
0x
366C
0x
3670
0x
3674
0x
3678
0x
367C
0x
3680
0x
3684
0x
3688
0x
368C
0x
3690
0x
3694
0x
3698
0x
369C
0x
36A0
0x
36A4
0x
36AC
0x
36B0
0x
36B4
0x
36B8
0x
36BC
0x
36C0
0x
36C4
0x
36C8
0x
36CC
0x
36D0
0x
36D4
0x
36D8
0x
36DC
0x
36E0
0x
36E4
0x
36E8
0x
36EC
0x
36F0
0x
36F4
0x
36F8
0x
36FC
0x
3700
0x
3704
0x
3708
0x
370C
0x
3710
0x
3714
0x
3718
0x
371C
0x
3720
0x
3728
0x
372C
0x
3730
0x
3734
0x
3738
0x
373C
0x
3740
0x
3744
0x
3748
0x
374C
0x
3750
0x
3754
0x
3758
0x
375C
0x
3760
0x
3764
0x
3768
0x
376C
0x
3770
0x
3774
0x
3778
0x
377C
0x
3780
0x
3784
0x
3788
0x
378C
0x
3790
0x
3794
0x
379C
0x
37A0
0x
37A4
0x
37A8
0x
37AC
0x
37B0
0x
37B4
0x
37B8
0x
37BC
0x
37C0
0x
37C4
0x
37C8
0x
37CC
0x
37D0
0x
37D4
0x
37D8
0x
37DC
0x
37E0
0x
37EC
0x
37F0
0x
37F4
0x
37F8
0x
37FC
0x
33C8
0x
1998
0x
3424
0x
34DC
0x
1448
0x
3624
0x
1A88
0x
3808
0x
380C
0x
3810
0x
3814
0x
3818
0x
381C
0x
3820
0x
3824
0x
3828
0x
382C
0x
3830
0x
3838
0x
383C
0x
3840
0x
3844
0x
3848
0x
384C
0x
3850
0x
3854
0x
3858
0x
385C
0x
3860
0x
3864
0x
3868
0x
386C
0x
3870
0x
3874
0x
3878
0x
387C
0x
3880
0x
3884
0x
3888
0x
388C
0x
3890
0x
3894
0x
3898
0x
389C
0x
38A0
0x
38A4
0x
38A8
0x
38AC
0x
38B8
0x
38BC
0x
38C0
0x
38C4
0x
38C8
0x
38CC
0x
38D0
0x
38D4
0x
38D8
0x
38DC
0x
38E0
0x
38E4
0x
38E8
0x
38EC
0x
38F0
0x
38F4
0x
38F8
0x
38FC
0x
3900
0x
3904
0x
3908
0x
390C
0x
3910
0x
3914
0x
3918
0x
391C
0x
3920
0x
3924
0x
3928
0x
392C
0x
3930
0x
3934
0x
3938
0x
393C
0x
3940
0x
3944
0x
3948
0x
394C
0x
3950
0x
3954
0x
3958
0x
395C
0x
3960
0x
3964
0x
3968
0x
396C
0x
3974
0x
3978
0x
397C
0x
3980
0x
3984
0x
3988
0x
398C
0x
3990
0x
3994
0x
3998
0x
399C
0x
39A0
0x
39A4
0x
39A8
0x
39AC
0x
39B0
0x
39B4
0x
39B8
0x
39BC
0x
39C0
0x
39C4
0x
39C8
0x
39CC
0x
39D0
0x
39D4
0x
39D8
0x
39DC
0x
39E0
0x
39E4
0x
39E8
0x
39EC
0x
39F0
0x
39F4
0x
39F8
0x
39FC
0x
3A00
0x
3A04
0x
3A08
0x
3A0C
0x
3A10
0x
3A14
0x
3A18
0x
3A1C
0x
3A20
0x
3A24
0x
3A28
0x
3A2C
0x
3A30
0x
3A34
0x
3A38
0x
3A3C
0x
3A40
0x
3A44
0x
3A48
0x
3A4C
0x
3A50
0x
3A54
0x
3A58
0x
3A5C
0x
3A60
0x
3A64
0x
3A68
0x
3A6C
0x
3A70
0x
3A74
0x
3A78
0x
3A7C
0x
3A80
0x
3A84
0x
3A88
0x
3A8C
0x
3A90
0x
3A94
0x
3A98
0x
3A9C
0x
3AA0
0x
3AA4
0x
3AA8
0x
3AAC
0x
3AB0
0x
3AB4
0x
3AB8
0x
3ABC
0x
3AC0
0x
3AC4
0x
3AC8
0x
3ACC
0x
3AD0
0x
3AD4
0x
3AD8
0x
3ADC
0x
3AE0
0x
3AE4
0x
3AE8
0x
3AEC
0x
3AF0
0x
3AF4
0x
3AF8
0x
3AFC
0x
3B00
0x
3B04
0x
3B08
0x
3B0C
0x
3B10
0x
3B14
0x
3B18
0x
3B1C
0x
3B20
0x
3B24
0x
3B28
0x
3B2C
0x
3B30
0x
3B34
0x
3B38
0x
3B3C
0x
3B40
0x
3B44
0x
3B48
0x
3B4C
0x
3B50
0x
3B54
0x
3B58
0x
3B5C
0x
3B60
0x
3B64
0x
3B68
0x
3B6C
0x
3B70
0x
3B74
0x
3B78
0x
3B7C
0x
3B80
0x
3B84
0x
3B88
0x
3B8C
0x
3B90
0x
3B94
0x
3B98
0x
3B9C
0x
3BA0
0x
3BA4
0x
3BA8
0x
3BAC
0x
3BB0
0x
3BB4
0x
3BB8
0x
3BBC
0x
3BC0
0x
3BC4
0x
3BC8
0x
3BCC
0x
3BD0
0x
3BD4
0x
3BD8
0x
3BDC
0x
3BE0
0x
3BE4
0x
3BE8
0x
3BEC
0x
3BF0
0x
3BF4
0x
3BF8
0x
3BFC
0x
38B4
0x
3970
0x
35E4
0x
36A8
0x
3804
0x
37E8
0x
3834
0x
3798
0x
3648
0x
33FC
0x
3C04
0x
3C08
0x
3C0C
0x
3C10
0x
3C14
0x
3C18
0x
3C1C
0x
3C20
0x
3C24
0x
3C28
0x
3C2C
0x
3C30
0x
3C34
0x
3C38
0x
3C3C
0x
3C40
0x
3C44
0x
3C48
0x
3C4C
0x
3C50
0x
3C54
0x
3C58
0x
3C5C
0x
3C60
0x
3C64
0x
3C68
0x
3C6C
0x
3C70
0x
3C74
0x
3C78
0x
3C7C
0x
3C80
0x
3C84
0x
3C88
0x
3C8C
0x
3C90
0x
3C94
0x
3C98
0x
3C9C
0x
3CA0
0x
3CA4
0x
3CA8
0x
3CAC
0x
3CB0
0x
3CB4
0x
3CB8
0x
3CBC
0x
3CC0
0x
3CC4
0x
3CC8
0x
3CD4
0x
3CD8
0x
3CDC
0x
3CE0
0x
3CE4
0x
3CE8
0x
3CEC
0x
3CF0
0x
3CF4
0x
3CF8
0x
3CFC
0x
3D00
0x
3D04
0x
3D08
0x
3D0C
0x
3D10
0x
3D14
0x
3D18
0x
3D1C
0x
3D20
0x
3D24
0x
3D28
0x
3D2C
0x
3D30
0x
3D34
0x
3D38
0x
3D3C
0x
3D40
0x
3D44
0x
3D48
0x
3D4C
0x
3D50
0x
3D54
0x
3D58
0x
3D5C
0x
3D60
0x
3D64
0x
3D68
0x
3D6C
0x
3D70
0x
3D74
0x
3D78
0x
3D7C
0x
3D80
0x
3D84
0x
3D88
0x
3D8C
0x
3D90
0x
3D94
0x
3D98
0x
3D9C
0x
3DA0
0x
3DA4
0x
3DA8
0x
3DAC
0x
3DB0
0x
3DB4
0x
3DB8
0x
3DBC
0x
3DC0
0x
3DC4
0x
3DC8
0x
3DCC
0x
3DD0
0x
3DD4
0x
3DD8
0x
3DDC
0x
3DE0
0x
3DE4
0x
3DE8
0x
3DEC
0x
3DF0
0x
3DF4
0x
3DF8
0x
3DFC
0x
3E00
0x
3E04
0x
3E08
0x
3E0C
0x
3E10
0x
3E14
0x
3E18
0x
3E1C
0x
3E20
0x
3E24
0x
3E28
0x
3E2C
0x
3E34
0x
3E38
0x
3E3C
0x
3E40
0x
3E44
0x
3E48
0x
3E4C
0x
3E50
0x
3E54
0x
3E58
0x
3E5C
0x
3E60
0x
3E64
0x
3E68
0x
3E6C
0x
3E70
0x
3E74
0x
3E78
0x
3E7C
0x
3E80
0x
3E84
0x
3E88
0x
3E8C
0x
3E90
0x
3E94
0x
3E98
0x
3E9C
0x
3EA0
0x
3EA4
0x
3EA8
0x
3EB4
0x
3EB8
0x
3EBC
0x
3EC0
0x
3EC4
0x
3EC8
0x
3ECC
0x
3ED0
0x
3ED4
0x
3ED8
0x
3EDC
0x
3EE0
0x
3EE4
0x
3EE8
0x
3EEC
0x
3EF0
0x
3EF4
0x
3EF8
0x
3EFC
0x
3F00
0x
3F04
0x
3F08
0x
3F0C
0x
3F10
0x
3F14
0x
3F18
0x
3F1C
0x
3F20
0x
3F24
0x
3F28
0x
3F2C
0x
3F30
0x
3F34
0x
3F38
0x
3F3C
0x
3F40
0x
3F44
0x
3F4C
0x
3F50
0x
3F54
0x
3F58
0x
3F5C
0x
3F60
0x
3F64
0x
3F68
0x
3F6C
0x
3F70
0x
3F74
0x
3F78
0x
3F7C
0x
3F80
0x
3F84
0x
3F90
0x
3F94
0x
3F98
0x
3F9C
0x
3FA0
0x
3FA4
0x
3FA8
0x
3FAC
0x
3FB0
0x
3FB4
0x
3FB8
0x
3FBC
0x
3FC0
0x
3FC4
0x
3FC8
0x
3FCC
0x
3FD0
0x
3FD4
0x
3FD8
0x
3FDC
0x
3FE0
0x
3FE4
0x
3FE8
0x
3FEC
0x
3FF0
0x
3FF4
0x
3FF8
0x
3FFC
0x
3468
0x
3724
0x
361C
0x
3438
0x
38B0
0x
35E0
0x
37E4
0x
3620
0x
33F8
0x
3420
0x
4004
0x
4008
0x
400C
0x
4010
0x
4014
0x
4018
0x
401C
0x
4020
0x
4024
0x
4028
0x
402C
0x
4030
0x
4034
0x
403C
0x
4040
0x
4044
0x
4048
0x
404C
0x
4050
0x
4054
0x
4058
0x
405C
0x
4060
0x
4064
0x
4068
0x
406C
0x
4070
0x
4074
0x
4078
0x
407C
0x
4080
0x
4084
0x
4088
0x
408C
0x
4090
0x
4094
0x
4098
0x
409C
0x
40A0
0x
40A4
0x
40A8
0x
40AC
0x
40B0
0x
40B4
0x
40B8
0x
40BC
0x
40C0
0x
40C4
0x
40C8
0x
40CC
0x
40D0
0x
40D4
0x
40D8
0x
40DC
0x
40E0
0x
40E4
0x
40E8
0x
40EC
0x
40F0
0x
40F4
0x
40F8
0x
40FC
0x
4100
0x
4104
0x
4108
0x
410C
0x
4110
0x
4114
0x
4118
0x
411C
0x
4120
0x
4124
0x
4128
0x
412C
0x
4130
0x
4134
0x
4138
0x
413C
0x
4140
0x
4144
0x
4148
0x
414C
0x
4150
0x
4154
0x
4158
0x
415C
0x
4160
0x
4164
0x
4168
0x
416C
0x
4170
0x
4174
0x
4178
0x
417C
0x
4180
0x
4184
0x
4188
0x
418C
0x
4190
0x
4194
0x
4198
0x
419C
0x
41A0
0x
41A4
0x
41A8
0x
41AC
0x
41B0
0x
41B4
0x
41B8
0x
41BC
0x
41C0
0x
41C4
0x
41C8
0x
41CC
0x
41D0
0x
41D4
0x
41D8
0x
41DC
0x
41E0
0x
41E4
0x
41E8
0x
41EC
0x
41F0
0x
41F4
0x
41F8
0x
41FC
0x
4200
0x
4204
0x
4208
0x
420C
0x
4210
0x
4214
0x
4218
0x
421C
0x
4220
0x
4224
0x
4228
0x
422C
0x
4230
0x
4234
0x
4238
0x
423C
0x
4240
0x
4244
0x
4248
0x
424C
0x
4250
0x
4254
0x
4258
0x
425C
0x
4260
0x
4264
0x
4268
0x
426C
0x
4270
0x
4274
0x
4278
0x
427C
0x
4280
0x
4284
0x
4288
0x
428C
0x
4290
0x
4294
0x
4298
0x
429C
0x
42A0
0x
42A4
0x
42A8
0x
42AC
0x
42B0
0x
42B4
0x
42B8
0x
42BC
0x
42C0
0x
42C4
0x
42C8
0x
42CC
0x
42D0
0x
42D4
0x
42D8
0x
42DC
0x
42E0
0x
42E4
0x
42E8
0x
42EC
0x
42F0
0x
42F4
0x
42F8
0x
42FC
0x
4300
0x
4304
0x
4308
0x
430C
0x
4310
0x
4314
0x
4318
0x
431C
0x
4320
0x
4324
0x
4328
0x
432C
0x
4330
0x
4334
0x
4338
0x
433C
0x
4340
0x
4344
0x
4348
0x
434C
0x
4350
0x
4354
0x
4358
0x
435C
0x
4360
0x
4364
0x
4368
0x
436C
0x
4370
0x
4374
0x
4378
0x
437C
0x
4380
0x
4384
0x
4388
0x
438C
0x
4390
0x
4394
0x
439C
0x
4398
0x
43A0
0x
43A4
0x
43A8
0x
43AC
0x
43B0
0x
43B4
0x
43BC
0x
43C0
0x
43C4
0x
43C8
0x
43CC
0x
43D0
0x
43D4
0x
43D8
0x
43DC
0x
43E0
0x
43E4
0x
43E8
0x
43EC
0x
43F0
0x
43F4
0x
43F8
0x
43FC
0x
F5C
0x
F58
0x
4404
0x
4408
0x
440C
0x
4410
0x
4414
0x
4418
0x
441C
0x
4420
0x
4424
0x
4428
0x
442C
0x
4430
0x
4434
0x
4438
0x
443C
0x
4440
0x
4444
0x
4448
0x
444C
0x
4450
0x
4454
0x
4458
0x
445C
0x
4460
0x
4464
0x
4468
0x
446C
0x
4470
0x
4474
0x
4478
0x
447C
0x
4480
0x
4484
0x
4488
0x
448C
0x
4490
0x
4494
0x
4498
0x
449C
0x
44A0
0x
44A4
0x
44A8
0x
44AC
0x
44B0
0x
44B4
0x
44B8
0x
44BC
0x
44C0
0x
44C4
0x
44C8
0x
44CC
0x
44D0
0x
44D4
0x
44E8
0x
44EC
0x
44F0
0x
44F4
0x
44F8
0x
44FC
0x
4500
0x
4504
0x
4508
0x
450C
0x
4510
0x
4514
0x
4518
0x
451C
0x
4520
0x
4524
0x
4528
0x
452C
0x
4530
0x
4534
0x
4538
0x
453C
0x
4540
0x
4544
0x
4548
0x
4550
0x
4554
0x
4558
0x
455C
0x
4560
0x
4568
0x
456C
0x
4570
0x
4574
0x
4578
0x
457C
0x
4580
0x
4584
0x
4588
0x
458C
0x
4590
0x
4594
0x
4598
0x
459C
0x
45A0
0x
45A4
0x
45A8
0x
45AC
0x
45B0
0x
45B4
0x
45B8
0x
45BC
0x
45C0
0x
45C4
0x
45C8
0x
45CC
0x
45D0
0x
45D4
0x
45D8
0x
45DC
0x
45E0
0x
45E4
0x
45E8
0x
45EC
0x
45F0
0x
45F4
0x
45F8
0x
45FC
0x
4600
0x
4604
0x
4608
0x
460C
0x
4610
0x
4614
0x
4618
0x
461C
0x
4620
0x
4624
0x
4628
0x
462C
0x
4630
0x
4634
0x
4638
0x
463C
0x
4640
0x
4644
0x
4648
0x
464C
0x
4658
0x
465C
0x
4660
0x
4664
0x
4668
0x
466C
0x
4670
0x
4674
0x
4678
0x
467C
0x
4680
0x
4684
0x
4688
0x
468C
0x
4690
0x
4698
0x
469C
0x
46A0
0x
46A4
0x
46A8
0x
46AC
0x
46B0
0x
46B4
0x
46B8
0x
46BC
0x
46C0
0x
46C4
0x
46C8
0x
46CC
0x
46D0
0x
46EC
0x
46F0
0x
46F4
0x
46F8
0x
46FC
0x
4700
0x
4704
0x
4718
0x
471C
0x
4720
0x
4724
0x
4728
0x
472C
0x
4730
0x
4734
0x
4738
0x
4750
0x
4754
0x
4758
0x
475C
0x
4760
0x
4764
0x
4768
0x
476C
0x
4770
0x
4774
0x
4778
0x
477C
0x
4780
0x
4784
0x
4788
0x
478C
0x
4790
0x
4794
0x
4798
0x
479C
0x
47A0
0x
47A4
0x
47A8
0x
47AC
0x
47B8
0x
47BC
0x
47C0
0x
47C4
0x
47C8
0x
47CC
0x
47D0
0x
47D4
0x
47D8
0x
47DC
0x
47E0
0x
47E4
0x
47E8
0x
47EC
0x
47F0
0x
47F4
0x
47F8
0x
47FC
0x
439C
0x
44E4
0x
46D0
0x
470C
0x
4804
0x
4808
0x
480C
0x
4810
0x
4814
0x
4818
0x
481C
0x
4820
0x
4824
0x
4828
0x
482C
0x
4830
0x
4834
0x
4838
0x
483C
0x
4840
0x
4844
0x
4848
0x
484C
0x
4850
0x
4854
0x
4860
0x
4864
0x
4868
0x
486C
0x
4870
0x
4874
0x
4878
0x
487C
0x
4880
0x
4884
0x
4888
0x
488C
0x
4890
0x
4894
0x
4898
0x
489C
0x
48A0
0x
48A4
0x
48A8
0x
48AC
0x
48B0
0x
48B4
0x
48B8
0x
48BC
0x
48C0
0x
48C4
0x
48C8
0x
48CC
0x
48D0
0x
48D4
0x
48D8
0x
48DC
0x
48E0
0x
48E4
0x
48E8
0x
48EC
0x
48F0
0x
48F4
0x
48F8
0x
48FC
0x
4900
0x
4904
0x
4908
0x
490C
0x
4910
0x
4914
0x
4918
0x
491C
0x
4920
0x
4924
0x
4928
0x
492C
0x
4930
0x
4934
0x
4938
0x
493C
0x
4940
0x
4944
0x
4948
0x
494C
0x
4950
0x
4954
0x
4958
0x
495C
0x
4960
0x
4964
0x
4968
0x
496C
0x
4970
0x
4974
0x
4978
0x
4980
0x
4984
0x
4988
0x
498C
0x
4990
0x
4994
0x
4998
0x
499C
0x
49A0
0x
49A4
0x
49A8
0x
49AC
0x
49B0
0x
49B4
0x
49B8
0x
49BC
0x
49C0
0x
49C4
0x
49C8
0x
49CC
0x
49D0
0x
49D4
0x
49D8
0x
49DC
0x
49E0
0x
49E4
0x
49E8
0x
49EC
0x
49F0
0x
49F4
0x
49F8
0x
49FC
0x
4A00
0x
4A04
0x
4A08
0x
4A0C
0x
4A10
0x
4A14
0x
4A18
0x
4A1C
0x
4A20
0x
4A24
0x
4A28
0x
4A2C
0x
4A30
0x
4A34
0x
4A38
0x
4A3C
0x
4A40
0x
4A44
0x
4A48
0x
4A4C
0x
4A50
0x
4A54
0x
4A58
0x
4A5C
0x
4A60
0x
4A64
0x
4A68
0x
4A6C
0x
4A70
0x
4A74
0x
4A78
0x
4A7C
0x
4A80
0x
4A84
0x
4A88
0x
4A8C
0x
4A90
0x
4A9C
0x
4AA0
0x
4AA4
0x
4AA8
0x
4AAC
0x
4AB0
0x
4AB4
0x
4AB8
0x
4ABC
0x
4AC0
0x
4AC4
0x
4AC8
0x
4ACC
0x
4AD0
0x
4AD4
0x
4AD8
0x
4ADC
0x
4AE0
0x
4AE4
0x
4AE8
0x
4AEC
0x
4AF0
0x
4AF4
0x
4AF8
0x
4AFC
0x
4B00
0x
4B04
0x
4B08
0x
4B0C
0x
4B10
0x
4B14
0x
4B18
0x
4B1C
0x
4B20
0x
4B24
0x
4B28
0x
4B2C
0x
4B30
0x
4B34
0x
4B38
0x
4B3C
0x
4B40
0x
4B44
0x
4B48
0x
4B4C
0x
4B50
0x
4B54
0x
4B58
0x
4B5C
0x
4B60
0x
4B64
0x
4B68
0x
4B6C
0x
4B70
0x
4B74
0x
4B78
0x
4B7C
0x
4B80
0x
4B84
0x
4B88
0x
4B8C
0x
4B90
0x
4B94
0x
4B98
0x
4B9C
0x
4BA0
0x
4BA4
0x
4BA8
0x
4BAC
0x
4BB0
0x
4BB4
0x
4BB8
0x
4BBC
0x
4BC0
0x
4BC8
0x
4BCC
0x
4BD0
0x
4BD4
0x
4BD8
0x
4BDC
0x
4BE0
0x
4BE4
0x
4BE8
0x
4BEC
0x
4BF0
0x
4BF4
0x
4BF8
0x
4BFC
0x
4C04
0x
4C08
0x
4C0C
0x
4C10
0x
4C14
0x
4C18
0x
4C1C
0x
4C20
0x
4C24
0x
4C28
0x
4C2C
0x
4C30
0x
4C34
0x
4C38
0x
4C3C
0x
4C40
0x
4C44
0x
4C48
0x
4C4C
0x
4C50
0x
4C54
0x
4C58
0x
4C5C
0x
4C60
0x
4C64
0x
4C68
0x
4C6C
0x
4C70
0x
4C74
0x
4C78
0x
4C7C
0x
4C80
0x
4C84
0x
4C88
0x
4C8C
0x
4C90
0x
4C94
0x
4C98
0x
4C9C
0x
4CA0
0x
4CA4
0x
4CA8
0x
4CAC
0x
4CB0
0x
4CB4
0x
4CB8
0x
4CBC
0x
4CC0
0x
4CC4
0x
4CC8
0x
4CCC
0x
4CD0
0x
4CD4
0x
4CD8
0x
4CDC
0x
4CE0
0x
4CE4
0x
4CE8
0x
4CEC
0x
4CF0
0x
4CF4
0x
4CF8
0x
4CFC
0x
4D00
0x
4D04
0x
4D08
0x
4D0C
0x
4D10
0x
4D14
0x
4D18
0x
4D1C
0x
4D20
0x
4D24
0x
4D28
0x
4D2C
0x
4D30
0x
4D34
0x
4D38
0x
4D3C
0x
4D40
0x
4D44
0x
4D48
0x
4D4C
0x
4D50
0x
4D54
0x
4D58
0x
4D5C
0x
4D60
0x
4D64
0x
4D68
0x
4D6C
0x
4D70
0x
4D74
0x
4D78
0x
4D7C
0x
4D80
0x
4D84
0x
4D88
0x
4D8C
0x
4D90
0x
4D94
0x
4D98
0x
4D9C
0x
4DA0
0x
4DA4
0x
4DA8
0x
4DAC
0x
4DB0
0x
4DB4
0x
4DB8
0x
4DBC
0x
4DC0
0x
4DC4
0x
4DC8
0x
4DCC
0x
4DD0
0x
4DD4
0x
4DD8
0x
4DDC
0x
4DE0
0x
4DE4
0x
4DE8
0x
4DEC
0x
4DF0
0x
4DF4
0x
4DF8
0x
4DFC
0x
4E00
0x
4E04
0x
4E08
0x
4E0C
0x
4E10
0x
4E14
0x
4E18
0x
4E1C
0x
4E20
0x
4E24
0x
4E28
0x
4E2C
0x
4E30
0x
4E34
0x
4E38
0x
4E3C
0x
4E40
0x
4E44
0x
4E48
0x
4E4C
0x
4E50
0x
4E54
0x
4E58
0x
4E5C
0x
4E60
0x
4E64
0x
4E68
0x
4E6C
0x
4E70
0x
4E74
0x
4E78
0x
4E7C
0x
4E80
0x
4E84
0x
4E88
0x
4E8C
0x
4E90
0x
4E94
0x
4E98
0x
4E9C
0x
4EA0
0x
4EA4
0x
4EA8
0x
4EAC
0x
4EB0
0x
4EB4
0x
4EB8
0x
4EBC
0x
4EC0
0x
4EC4
0x
4EC8
0x
4ECC
0x
4ED0
0x
4ED4
0x
4ED8
0x
4EDC
0x
4EE0
0x
4EE4
0x
4EE8
0x
4EEC
0x
4EF0
0x
4EF4
0x
4EF8
0x
4EFC
0x
4F00
0x
4F04
0x
4F08
0x
4F0C
0x
4F10
0x
4F14
0x
4F18
0x
4F1C
0x
4F20
0x
4F24
0x
4F28
0x
4F2C
0x
4F30
0x
4F34
0x
4F38
0x
4F3C
0x
4F40
0x
4F44
0x
4F48
0x
4F4C
0x
4F50
0x
4F54
0x
4F58
0x
4F5C
0x
4F60
0x
4F64
0x
4F68
0x
4F6C
0x
4F70
0x
4F74
0x
4F78
0x
4F7C
0x
4F80
0x
4F84
0x
4F88
0x
4F8C
0x
4F90
0x
4F94
0x
4F98
0x
4F9C
0x
4FA0
0x
4FA4
0x
4FA8
0x
4FAC
0x
4FB0
0x
4FB4
0x
4FB8
0x
4FBC
0x
4FC0
0x
4FC4
0x
4FC8
0x
4FCC
0x
4FD0
0x
4FD4
0x
4FD8
0x
4FDC
0x
4FE0
0x
4FE4
0x
4FE8
0x
4FEC
0x
4FF0
0x
4FF4
0x
4FF8
0x
4FFC
0x
4748
0x
485C
0x
4744
0x
44DC
0x
4564
0x
46D8
0x
4694
0x
44D8
0x
454C
0x
44E0
0x
5004
0x
5008
0x
500C
0x
5010
0x
5014
0x
5018
0x
501C
0x
5020
0x
5024
0x
5028
0x
502C
0x
5030
0x
5034
0x
5038
0x
503C
0x
5040
0x
5044
0x
5048
0x
504C
0x
5050
0x
5054
0x
5058
0x
505C
0x
5060
0x
5064
0x
5068
0x
506C
0x
5070
0x
5074
0x
5078
0x
507C
0x
5080
0x
5084
0x
5088
0x
508C
0x
5090
0x
5094
0x
5098
0x
509C
0x
50A0
0x
50A4
0x
50A8
0x
50AC
0x
50B0
0x
50B4
0x
50B8
0x
50BC
0x
50C0
0x
50C4
0x
50C8
0x
50CC
0x
50D0
0x
50D4
0x
50D8
0x
50DC
0x
50E0
0x
50E4
0x
50E8
0x
50EC
0x
50F0
0x
50F4
0x
50F8
0x
50FC
0x
5100
0x
5104
0x
5108
0x
510C
0x
5110
0x
5114
0x
5118
0x
511C
0x
5120
0x
5124
0x
5128
0x
512C
0x
5130
0x
5134
0x
5138
0x
513C
0x
5140
0x
5144
0x
5148
0x
514C
0x
5150
0x
5154
0x
5158
0x
515C
0x
5168
0x
516C
0x
5170
0x
5174
0x
5178
0x
517C
0x
5180
0x
5184
0x
5188
0x
518C
0x
5190
0x
5194
0x
5198
0x
519C
0x
51A0
0x
51A4
0x
51A8
0x
51AC
0x
51B0
0x
51B4
0x
51B8
0x
51BC
0x
51C0
0x
51C4
0x
51C8
0x
51CC
0x
51D0
0x
51D4
0x
51D8
0x
51DC
0x
51E0
0x
51E4
0x
51E8
0x
51EC
0x
51F0
0x
51F4
0x
51F8
0x
51FC
0x
5200
0x
5204
0x
5208
0x
520C
0x
5210
0x
5214
0x
5218
0x
521C
0x
5220
0x
5224
0x
5228
0x
522C
0x
5230
0x
5234
0x
5238
0x
523C
0x
5240
0x
5244
0x
5248
0x
524C
0x
5250
0x
5254
0x
5258
0x
525C
0x
5260
0x
5264
0x
5268
0x
526C
0x
5270
0x
5274
0x
5278
0x
527C
0x
5280
0x
5284
0x
5288
0x
528C
0x
5290
0x
5294
0x
5298
0x
529C
0x
52A0
0x
52A4
0x
52A8
0x
52AC
0x
52B0
0x
52B4
0x
52B8
0x
52BC
0x
52C0
0x
52C4
0x
52C8
0x
52CC
0x
52D0
0x
52D4
0x
52D8
0x
52DC
0x
52E0
0x
52E4
0x
52E8
0x
52EC
0x
52F0
0x
52F4
0x
52F8
0x
52FC
0x
5300
0x
5304
0x
5308
0x
530C
0x
5310
0x
5314
0x
5318
0x
531C
0x
5320
0x
5324
0x
5328
0x
532C
0x
5330
0x
5334
0x
5338
0x
533C
0x
5340
0x
5344
0x
5348
0x
534C
0x
5350
0x
5354
0x
5358
0x
535C
0x
5360
0x
5364
0x
5368
0x
536C
0x
5370
0x
5374
0x
5378
0x
537C
0x
5380
0x
5384
0x
5388
0x
538C
0x
5390
0x
5394
0x
5398
0x
539C
0x
53A0
0x
53A4
0x
53A8
0x
53AC
0x
53B0
0x
53B4
0x
53B8
0x
53BC
0x
53C0
0x
53C4
0x
53C8
0x
53CC
0x
53D0
0x
53D4
0x
53D8
0x
53DC
0x
53E0
0x
53E4
0x
53E8
0x
53EC
0x
53F0
0x
53F4
0x
53F8
0x
53FC
0x
4A98
0x
4BC4
0x
4A94
0x
46E4
0x
47B0
0x
497C
0x
4858
0x
46E0
0x
473C
0x
4708
0x
F34
0x
5404
0x
5408
0x
540C
0x
5410
0x
5414
0x
5418
0x
541C
0x
5420
0x
5424
0x
5428
0x
542C
0x
5430
0x
5434
0x
5438
0x
543C
0x
5440
0x
5444
0x
5448
0x
544C
0x
5450
0x
5454
0x
5458
0x
545C
0x
5460
0x
5464
0x
5468
0x
546C
0x
5470
0x
5474
0x
5478
0x
547C
0x
5480
0x
5484
0x
5488
0x
548C
0x
5490
0x
5494
0x
5498
0x
549C
0x
54A0
0x
54A4
0x
54A8
0x
54AC
0x
54B0
0x
54B4
0x
54B8
0x
54BC
0x
54C0
0x
54C4
0x
54C8
0x
54CC
0x
54D0
0x
54D4
0x
54D8
0x
54DC
0x
54E0
0x
54E4
0x
54E8
0x
54EC
0x
54F0
0x
54F4
0x
54F8
0x
54FC
0x
5500
0x
5504
0x
5508
0x
550C
0x
5510
0x
5514
0x
5518
0x
551C
0x
5520
0x
5524
0x
5528
0x
5540
0x
5570
0x
5574
0x
5578
0x
557C
0x
5580
0x
5584
0x
5588
0x
558C
0x
5590
0x
5594
0x
5598
0x
559C
0x
55A0
0x
55A4
0x
55A8
0x
55AC
0x
55B0
0x
55B4
0x
55B8
0x
55BC
0x
55C0
0x
55C4
0x
55C8
0x
55CC
0x
55D0
0x
5600
0x
5604
0x
5608
0x
560C
0x
5610
0x
5614
0x
5618
0x
561C
0x
5620
0x
5624
0x
5628
0x
562C
0x
5630
0x
5634
0x
5638
0x
563C
0x
5640
0x
5644
0x
5648
0x
564C
0x
5650
0x
5654
0x
5658
0x
565C
0x
5660
0x
5664
0x
5668
0x
566C
0x
5670
0x
5674
0x
5678
0x
567C
0x
5680
0x
5684
0x
5688
0x
568C
0x
5690
0x
5694
0x
5698
0x
569C
0x
56A0
0x
56A4
0x
56A8
0x
56AC
0x
56B0
0x
56B4
0x
56B8
0x
56BC
0x
56C0
0x
56C4
0x
56C8
0x
56CC
0x
56D0
0x
56D4
0x
56D8
0x
56DC
0x
56E0
0x
56E4
0x
56E8
0x
56EC
0x
56F0
0x
56F4
0x
56F8
0x
56FC
0x
5700
0x
5704
0x
5708
0x
570C
0x
5710
0x
5714
0x
5718
0x
571C
0x
5720
0x
5724
0x
5728
0x
572C
0x
5730
0x
5734
0x
5738
0x
573C
0x
5740
0x
5744
0x
5748
0x
574C
0x
5750
0x
5754
0x
5758
0x
575C
0x
5760
0x
5764
0x
5768
0x
576C
0x
5770
0x
5774
0x
5778
0x
577C
0x
5780
0x
5784
0x
5788
0x
578C
0x
5790
0x
5794
0x
5798
0x
579C
0x
57A0
0x
57A4
0x
57A8
0x
57AC
0x
57B0
0x
57B4
0x
57B8
0x
57BC
0x
57C0
0x
57C4
0x
57C8
0x
57CC
0x
57D0
0x
57D4
0x
57D8
0x
57DC
0x
57E0
0x
57E4
0x
57E8
0x
57EC
0x
57F0
0x
57F4
0x
57F8
0x
57FC
0x
79C
0x
7A0
0x
5528
0x
5538
0x
5554
0x
5558
0x
5550
0x
5530
0x
5544
0x
554C
0x
5548
0x
552C
0x
553C
0x
5534
0x
1B08
0x
5564
0x
555C
0x
556C
0x
55D0
0x
55E0
0x
55F8
0x
55FC
0x
55D8
0x
55F4
0x
55E8
0x
55F0
0x
55D4
0x
55EC
0x
55E4
0x
55DC
0x
270
0x
4B0
0x
2F0
0x
4B4
0x
A60
0x
348
0x
3D8
0x
5804
0x
5808
0x
580C
0x
5810
0x
5814
0x
5818
0x
581C
0x
5820
0x
5824
0x
5828
0x
582C
0x
5830
0x
5834
0x
5838
0x
583C
0x
5840
0x
5844
0x
5848
0x
584C
0x
5850
0x
5854
0x
5858
0x
585C
0x
5860
0x
5864
0x
5868
0x
586C
0x
5870
0x
5874
0x
5878
0x
587C
0x
5880
0x
5884
0x
5888
0x
588C
0x
5890
0x
5894
0x
5898
0x
589C
0x
58A0
0x
58A4
0x
58A8
0x
58C4
0x
58C8
0x
58CC
0x
58D0
0x
58D4
0x
58DC
0x
58E0
0x
58F4
0x
58F8
0x
58FC
0x
5900
0x
5904
0x
5908
0x
590C
0x
5910
0x
5914
0x
5918
0x
591C
0x
5920
0x
5924
0x
5928
0x
592C
0x
5930
0x
5934
0x
5938
0x
593C
0x
5940
0x
5944
0x
5948
0x
594C
0x
5950
0x
5954
0x
5958
0x
595C
0x
5960
0x
5964
0x
5968
0x
596C
0x
5970
0x
5974
0x
5978
0x
597C
0x
5980
0x
5984
0x
5988
0x
598C
0x
5990
0x
5994
0x
5998
0x
599C
0x
59A0
0x
59A4
0x
59A8
0x
59AC
0x
59B0
0x
59B4
0x
59B8
0x
59BC
0x
59C0
0x
59C4
0x
59C8
0x
59CC
0x
59D0
0x
59D4
0x
59D8
0x
59DC
0x
59E0
0x
59E4
0x
59E8
0x
59EC
0x
59F0
0x
59F4
0x
59F8
0x
59FC
0x
5A00
0x
5A04
0x
5A08
0x
5A0C
0x
5A10
0x
5A14
0x
5A18
0x
5A1C
0x
5A20
0x
5A24
0x
5A28
0x
5A2C
0x
5A30
0x
5A34
0x
5A38
0x
5A3C
0x
5A40
0x
5A44
0x
5A64
0x
5A78
0x
5A7C
0x
5A80
0x
5A88
0x
5A8C
0x
5A90
0x
5A94
0x
5A98
0x
5A9C
0x
5AA0
0x
5AA4
0x
5AA8
0x
5AAC
0x
5AB0
0x
5AB4
0x
5AB8
0x
5ABC
0x
5AC0
0x
5AC4
0x
5AC8
0x
5ACC
0x
5AD0
0x
5AD4
0x
5AD8
0x
5ADC
0x
5AE0
0x
5AE4
0x
5AE8
0x
5AEC
0x
5AF0
0x
5AF4
0x
5AF8
0x
5AFC
0x
5B00
0x
5B04
0x
5B08
0x
5B0C
0x
5B10
0x
5B14
0x
5B18
0x
5B1C
0x
5B20
0x
5B24
0x
5B28
0x
5B2C
0x
5B30
0x
5B34
0x
5B38
0x
5B3C
0x
5B40
0x
5B44
0x
5B48
0x
5B4C
0x
5B50
0x
5B54
0x
5B58
0x
5B5C
0x
5B60
0x
5B64
0x
5B68
0x
5B6C
0x
5B70
0x
5B74
0x
5B78
0x
5B7C
0x
5B80
0x
5B84
0x
5B88
0x
5B8C
0x
5B90
0x
5B94
0x
5BA0
0x
5BA4
0x
5BA8
0x
5BAC
0x
5BB8
0x
5BBC
0x
5BC0
0x
5BC4
0x
5BC8
0x
5BD0
0x
5BDC
0x
5BE0
0x
5BE4
0x
5BE8
0x
5BEC
0x
5BF0
0x
5BF8
0x
5BFC
0x
5C8
0x
930
0x
95C
0x
A48
0x
3A4
0x
3F0
0x
3E4
0x
988
0x
380
0x
5160
0x
5164
0x
58A4
0x
58B8
0x
58EC
0x
58E4
0x
58D8
0x
58BC
0x
58E8
0x
58AC
0x
58B4
0x
599C
0x
5A54
0x
5A70
0x
5A74
0x
5A4C
0x
5A5C
0x
5A68
0x
5A60
0x
5A58
0x
5A84
0x
594
0x
5A6C
0x
5A48
0x
5A50
0x
E18
0x
DF8
0x
58C0
0x
5B9C
0x
5BD4
0x
5BF4
0x
5BD8
0x
58F0
0x
5B98
0x
5BB0
0x
5A50
0x
5B4C
0x
5C04
0x
5C08
0x
5C0C
0x
5C10
0x
5C14
0x
5C18
0x
5C1C
0x
5C20
0x
5C24
0x
5C28
0x
5C2C
0x
5C30
0x
5C34
0x
5C38
0x
5C3C
0x
5C40
0x
5C44
0x
5C48
0x
5C4C
0x
5C50
0x
5C54
0x
5C58
0x
5C5C
0x
5C60
0x
5C70
0x
5C74
0x
5C78
0x
5C7C
0x
5C80
0x
5C84
0x
5C88
0x
5C8C
0x
5C90
0x
5C94
0x
5C98
0x
5C9C
0x
5CA0
0x
5CA4
0x
5CA8
0x
5CAC
0x
5CB0
0x
5CB4
0x
5CB8
0x
5CBC
0x
5CC0
0x
5CC4
0x
5CC8
0x
5CCC
0x
5CD0
0x
5CD4
0x
5CD8
0x
5CDC
0x
5CE0
0x
5CE4
0x
5CE8
0x
5CEC
0x
5CF0
0x
5CF4
0x
5CF8
0x
5CFC
0x
5D00
0x
5D04
0x
5D08
0x
5D0C
0x
5D10
0x
5D14
0x
5D18
0x
5D1C
0x
5D20
0x
5D24
0x
5D28
0x
5D2C
0x
5D30
0x
5D34
0x
5D38
0x
5D3C
0x
5D40
0x
5D44
0x
5D48
0x
5D4C
0x
5D50
0x
5D54
0x
5D58
0x
5D5C
0x
5D60
0x
5D64
0x
5D68
0x
5D6C
0x
5D70
0x
5D74
0x
5D78
0x
5D7C
0x
5D80
0x
5D84
0x
5D88
0x
5D8C
0x
5D90
0x
5D94
0x
5D98
0x
5D9C
0x
5DA0
0x
5DA4
0x
5DA8
0x
5DAC
0x
5DB0
0x
5DB4
0x
5DB8
0x
5DBC
0x
5DC0
0x
5DC4
0x
5DC8
0x
5DCC
0x
5DD0
0x
5DD4
0x
5DD8
0x
5DDC
0x
5DE0
0x
5DE4
0x
5DE8
0x
5DEC
0x
5DF0
0x
5DF4
0x
5DF8
0x
5DFC
0x
5E00
0x
5E04
0x
5E08
0x
5E0C
0x
5E10
0x
5E14
0x
5E18
0x
5E1C
0x
5E20
0x
5E24
0x
5E28
0x
5E2C
0x
5E30
0x
5E34
0x
5E38
0x
5E3C
0x
5E40
0x
5E44
0x
5E48
0x
5E4C
0x
5E50
0x
5E54
0x
5E58
0x
5E5C
0x
5E60
0x
5E64
0x
5E68
0x
5E6C
0x
5E70
0x
5E74
0x
5E78
0x
5E7C
0x
5E80
0x
5E84
0x
5E88
0x
5E8C
0x
5E90
0x
5E94
0x
5E98
0x
5E9C
0x
5EA0
0x
5EA4
0x
5EA8
0x
5EAC
0x
5EB0
0x
5EB4
0x
5EB8
0x
5EBC
0x
5EC0
0x
5EC4
0x
5EC8
0x
5ECC
0x
5ED0
0x
5ED4
0x
5ED8
0x
5EDC
0x
5EE0
0x
5EE4
0x
5EE8
0x
5EEC
0x
5F24
0x
5F28
0x
5F2C
0x
5F30
0x
5F34
0x
5F38
0x
5F3C
0x
5F40
0x
5F44
0x
5F48
0x
5F4C
0x
5F50
0x
5F54
0x
5F58
0x
5F5C
0x
5F7C
0x
5F80
0x
5F84
0x
5F88
0x
5F9C
0x
5FA0
0x
5FA4
0x
5FA8
0x
5FAC
0x
5FB0
0x
5FB4
0x
5FB8
0x
5FBC
0x
5FC0
0x
5FC4
0x
5FC8
0x
5FCC
0x
5FD0
0x
5FD4
0x
5FD8
0x
5FDC
0x
5FE0
0x
5FE4
0x
5FE8
0x
5FEC
0x
5FF0
0x
5FF4
0x
5FF8
0x
5FFC
0x
5C68
0x
5C6C
0x
4038
0x
600
0x
5BCC
0x
58B0
0x
5BB4
0x
5C64
0x
43B8
0x
5E8
0x
78C
0x
A64
0x
5EEC
0x
5EFC
0x
5F1C
0x
5F20
0x
5EF4
0x
5F04
0x
5F14
0x
5F10
0x
5F0C
0x
5F08
0x
5F00
0x
5F18
0x
5EF0
0x
5EF8
0x
5F54
0x
5F6C
0x
5F94
0x
5F98
0x
5F64
0x
5F74
0x
5F8C
0x
5F78
0x
5F70
0x
5F90
0x
5F60
0x
5F68
0x
6004
0x
6008
0x
600C
0x
6010
0x
6014
0x
6018
0x
601C
0x
6020
0x
6024
0x
6028
0x
602C
0x
6030
0x
6034
0x
6038
0x
603C
0x
6040
0x
6044
0x
6048
0x
604C
0x
6050
0x
6054
0x
6058
0x
6070
0x
6074
0x
6078
0x
607C
0x
6080
0x
6084
0x
6088
0x
608C
0x
6090
0x
6094
0x
6098
0x
609C
0x
60A0
0x
60A4
0x
60A8
0x
60AC
0x
60B0
0x
60B4
0x
60B8
0x
60BC
0x
60C0
0x
60C4
0x
60C8
0x
60CC
0x
60D0
0x
60D4
0x
60D8
0x
60DC
0x
60E0
0x
60E4
0x
60E8
0x
60EC
0x
60F4
0x
60F8
0x
60FC
0x
6100
0x
6104
0x
6108
0x
610C
0x
6110
0x
6114
0x
6118
0x
611C
0x
6120
0x
6124
0x
6128
0x
612C
0x
6130
0x
6134
0x
6138
0x
613C
0x
6140
0x
6144
0x
6148
0x
614C
0x
6150
0x
6158
0x
615C
0x
6160
0x
6164
0x
6168
0x
616C
0x
6170
0x
6174
0x
6178
0x
617C
0x
6180
0x
6184
0x
6188
0x
618C
0x
6190
0x
6194
0x
61A4
0x
61A8
0x
61AC
0x
61B0
0x
61B4
0x
61BC
0x
61C0
0x
61C4
0x
61C8
0x
61CC
0x
61D0
0x
61D4
0x
61D8
0x
61DC
0x
61E0
0x
61E4
0x
61E8
0x
61EC
0x
61F0
0x
6204
0x
6224
0x
6228
0x
622C
0x
6230
0x
6234
0x
6238
0x
623C
0x
6240
0x
6244
0x
6248
0x
624C
0x
6250
0x
6254
0x
6258
0x
625C
0x
6260
0x
6264
0x
6268
0x
626C
0x
6270
0x
6274
0x
6278
0x
627C
0x
6280
0x
6284
0x
6288
0x
628C
0x
6290
0x
6294
0x
6298
0x
629C
0x
62A0
0x
62A4
0x
62A8
0x
62AC
0x
62B0
0x
62B4
0x
62B8
0x
62BC
0x
62C0
0x
62C4
0x
62C8
0x
62CC
0x
62D0
0x
62D4
0x
62D8
0x
62DC
0x
62E0
0x
62E4
0x
62E8
0x
62EC
0x
62F0
0x
62F4
0x
62F8
0x
62FC
0x
6300
0x
6304
0x
6308
0x
630C
0x
6310
0x
6314
0x
6318
0x
631C
0x
6320
0x
6324
0x
6328
0x
632C
0x
6330
0x
6334
0x
6338
0x
633C
0x
6340
0x
6344
0x
6348
0x
634C
0x
6350
0x
6354
0x
6358
0x
635C
0x
6360
0x
6364
0x
6368
0x
636C
0x
6370
0x
6374
0x
6378
0x
637C
0x
6380
0x
6384
0x
638C
0x
6390
0x
6394
0x
6398
0x
639C
0x
63A0
0x
63A4
0x
63A8
0x
63AC
0x
63B0
0x
63B4
0x
63B8
0x
63BC
0x
63C0
0x
63C4
0x
63C8
0x
63CC
0x
63D0
0x
63D4
0x
63D8
0x
63DC
0x
63E0
0x
63E4
0x
63E8
0x
63EC
0x
63F0
0x
63F4
0x
63F8
0x
63FC
0x
6068
0x
61F0
0x
6200
0x
61A0
0x
61B8
0x
6060
0x
60F0
0x
6198
0x
6154
0x
606C
0x
621C
0x
6220
0x
6218
0x
61F8
0x
620C
0x
6214
0x
61F4
0x
6210
0x
6208
0x
61FC
0x
619C
0x
605C
0x
6064
0x
6388
0x
6404
0x
6408
0x
640C
0x
6410
0x
6414
0x
6418
0x
641C
0x
6420
0x
6424
0x
6428
0x
642C
0x
6430
0x
6434
0x
6438
0x
643C
0x
6440
0x
6444
0x
6448
0x
644C
0x
6450
0x
6454
0x
6458
0x
645C
0x
6460
0x
6464
0x
6468
0x
646C
0x
6470
0x
6474
0x
6478
0x
647C
0x
6480
0x
6484
0x
6488
0x
648C
0x
6490
0x
6494
0x
6498
0x
649C
0x
64A0
0x
64A4
0x
64A8
0x
64AC
0x
64B0
0x
64B4
0x
64B8
0x
64BC
0x
64C0
0x
64C4
0x
64C8
0x
64CC
0x
64D0
0x
64D4
0x
64D8
0x
64DC
0x
64E0
0x
64E4
0x
64E8
0x
64EC
0x
64F0
0x
64F4
0x
64F8
0x
64FC
0x
6500
0x
6504
0x
6508
0x
650C
0x
6510
0x
6514
0x
6518
0x
651C
0x
6520
0x
6524
0x
6528
0x
652C
0x
6530
0x
6534
0x
6538
0x
653C
0x
6540
0x
6544
0x
6548
0x
654C
0x
6550
0x
6554
0x
6558
0x
655C
0x
6560
0x
6564
0x
6568
0x
656C
0x
6570
0x
65C4
0x
65C8
0x
65CC
0x
65D0
0x
65D4
0x
65D8
0x
65DC
0x
65E0
0x
65E4
0x
65E8
0x
65EC
0x
65F0
0x
65F4
0x
65F8
0x
65FC
0x
6600
0x
6604
0x
6608
0x
660C
0x
6610
0x
6614
0x
6618
0x
661C
0x
6620
0x
6624
0x
6628
0x
662C
0x
6630
0x
6634
0x
6638
0x
663C
0x
6640
0x
6644
0x
6648
0x
664C
0x
6650
0x
6654
0x
6658
0x
665C
0x
6660
0x
6664
0x
6668
0x
666C
0x
6670
0x
6674
0x
6678
0x
667C
0x
6680
0x
6684
0x
6688
0x
668C
0x
6690
0x
6694
0x
6698
0x
669C
0x
66A0
0x
66A4
0x
66A8
0x
66AC
0x
66B0
0x
66B4
0x
66B8
0x
66BC
0x
66C0
0x
66C4
0x
66C8
0x
66CC
0x
66E4
0x
66EC
0x
66F0
0x
66F4
0x
66F8
0x
66FC
0x
6700
0x
6704
0x
6708
0x
670C
0x
6710
0x
6714
0x
671C
0x
6720
0x
6724
0x
6728
0x
672C
0x
6730
0x
6734
0x
6738
0x
673C
0x
6750
0x
6754
0x
6758
0x
675C
0x
6760
0x
6764
0x
6768
0x
676C
0x
6770
0x
6774
0x
6778
0x
677C
0x
6780
0x
6784
0x
6788
0x
67A0
0x
67A4
0x
67B0
0x
67B4
0x
67BC
0x
67C0
0x
67C4
0x
67C8
0x
67D8
0x
67DC
0x
67E0
0x
67E4
0x
67E8
0x
67EC
0x
67F0
0x
67F4
0x
67F8
0x
67FC
0x
3EAC
0x
290
0x
46D4
0x
66CC
0x
66DC
0x
6748
0x
674C
0x
66D4
0x
66E8
0x
6740
0x
6718
0x
66E0
0x
6744
0x
66D0
0x
66D8
0x
6780
0x
6798
0x
67D0
0x
67D4
0x
6790
0x
67A8
0x
67B8
0x
67AC
0x
679C
0x
67CC
0x
678C
0x
6794
0x
6804
0x
6808
0x
680C
0x
6810
0x
6814
0x
6818
0x
681C
0x
6820
0x
6824
0x
6828
0x
682C
0x
6830
0x
6834
0x
6838
0x
683C
0x
6840
0x
6844
0x
6848
0x
684C
0x
6850
0x
6854
0x
6858
0x
685C
0x
6860
0x
6868
0x
686C
0x
6870
0x
6874
0x
6878
0x
687C
0x
6880
0x
6884
0x
6888
0x
688C
0x
6890
0x
6894
0x
6898
0x
689C
0x
68A0
0x
68A4
0x
68A8
0x
68AC
0x
68B0
0x
68B4
0x
68B8
0x
68BC
0x
68C0
0x
68C4
0x
68C8
0x
68CC
0x
68D0
0x
68D4
0x
68D8
0x
68DC
0x
68E0
0x
68E4
0x
68E8
0x
68EC
0x
68F0
0x
68F4
0x
68F8
0x
68FC
0x
6900
0x
6904
0x
6908
0x
690C
0x
6910
0x
6914
0x
6918
0x
691C
0x
6920
0x
6924
0x
6928
0x
692C
0x
6930
0x
6934
0x
6938
0x
693C
0x
6940
0x
6944
0x
6948
0x
694C
0x
6950
0x
6954
0x
6958
0x
695C
0x
6960
0x
6964
0x
6968
0x
6970
0x
6974
0x
697C
0x
6980
0x
6984
0x
6988
0x
698C
0x
6990
0x
6994
0x
6998
0x
699C
0x
69A0
0x
69A4
0x
69A8
0x
69AC
0x
69B0
0x
69B4
0x
69B8
0x
69BC
0x
69C0
0x
69C4
0x
69C8
0x
69CC
0x
69D0
0x
69D4
0x
69D8
0x
69DC
0x
69E0
0x
69E4
0x
69E8
0x
69EC
0x
69F0
0x
69F4
0x
69F8
0x
69FC
0x
6A00
0x
6A04
0x
6A08
0x
6A0C
0x
6A10
0x
6A1C
0x
6A20
0x
6A24
0x
6A28
0x
6A50
0x
6A54
0x
6A58
0x
6A5C
0x
6A60
0x
6A64
0x
6A68
0x
6A6C
0x
6A70
0x
6A74
0x
6A78
0x
6A7C
0x
6A80
0x
6A84
0x
6A88
0x
6A8C
0x
6A90
0x
6A94
0x
6A98
0x
6A9C
0x
6AA0
0x
6AA4
0x
6AA8
0x
6AAC
0x
6AB0
0x
6AB4
0x
6AB8
0x
6ABC
0x
6AC0
0x
6AC4
0x
6AC8
0x
6ACC
0x
6AD0
0x
6AD4
0x
6AD8
0x
6ADC
0x
6AE0
0x
6AE4
0x
6AE8
0x
6AEC
0x
6AF0
0x
6AF4
0x
6AF8
0x
6AFC
0x
6B00
0x
6B04
0x
6B08
0x
6B0C
0x
6B10
0x
6B14
0x
6B18
0x
6B1C
0x
6B20
0x
6B24
0x
6B28
0x
6B2C
0x
6B30
0x
6B34
0x
6B38
0x
6B3C
0x
6B40
0x
6B44
0x
6B48
0x
6B4C
0x
6B50
0x
6B54
0x
6B58
0x
6B5C
0x
6B60
0x
6B64
0x
6B68
0x
6B6C
0x
6B70
0x
6B74
0x
6B78
0x
6B7C
0x
6B80
0x
6B84
0x
6B88
0x
6B8C
0x
6B90
0x
6B94
0x
6B98
0x
6B9C
0x
6BA0
0x
6BA4
0x
6BA8
0x
6BAC
0x
6BB0
0x
6BB4
0x
6BB8
0x
6BBC
0x
6BC0
0x
6BC4
0x
6BC8
0x
6BCC
0x
6BD0
0x
6BD4
0x
6BD8
0x
6BDC
0x
6BE0
0x
6BE4
0x
6BE8
0x
6BEC
0x
6BF0
0x
6BF4
0x
6BF8
0x
6BFC
0x
880
0x
6A00
0x
6A30
0x
6A48
0x
6A4C
0x
6A18
0x
6A38
0x
6A40
0x
6A3C
0x
6A34
0x
6A44
0x
6A14
0x
6A2C
0x
6C04
0x
6C08
0x
6C0C
0x
6C10
0x
6C14
0x
6C18
0x
6C1C
0x
6C20
0x
6C24
0x
6C28
0x
6C2C
0x
6C30
0x
6C34
0x
6C38
0x
6C3C
0x
6C40
0x
6C44
0x
6C48
0x
6C4C
0x
6C50
0x
6C54
0x
6C58
0x
6C5C
0x
6C60
0x
6C64
0x
6C68
0x
6C6C
0x
6C70
0x
6C74
0x
6C78
0x
6C7C
0x
6C80
0x
6C84
0x
6C88
0x
6C8C
0x
6C90
0x
6C94
0x
6C98
0x
6C9C
0x
6CA0
0x
6CA4
0x
6CA8
0x
6CAC
0x
6CB0
0x
6CB4
0x
6CB8
0x
6CBC
0x
6CC0
0x
6CC4
0x
6CC8
0x
6CD4
0x
6CD8
0x
6CDC
0x
6CE8
0x
6CEC
0x
6CF0
0x
6CF4
0x
6CF8
0x
6CFC
0x
6D04
0x
6D0C
0x
6D10
0x
6D14
0x
6D18
0x
6D1C
0x
6D20
0x
6D24
0x
6D28
0x
6D2C
0x
6D30
0x
6D34
0x
6D38
0x
6D3C
0x
6D40
0x
6D44
0x
6D48
0x
6D4C
0x
6D50
0x
6D54
0x
6D58
0x
6D5C
0x
6D60
0x
6D64
0x
6D68
0x
6D6C
0x
6D70
0x
6D74
0x
6D78
0x
6D7C
0x
6D80
0x
6D84
0x
6D88
0x
6D8C
0x
6D94
0x
6D98
0x
6D9C
0x
6DA0
0x
6DA4
0x
6DA8
0x
6DAC
0x
6DB0
0x
6DB4
0x
6DB8
0x
6DBC
0x
6DC0
0x
6DC4
0x
6DC8
0x
6DCC
0x
6DD0
0x
6DD4
0x
6DD8
0x
6DDC
0x
6DE0
0x
6DE4
0x
6DE8
0x
6DEC
0x
6DF0
0x
6DF4
0x
6DFC
0x
6E00
0x
6E04
0x
6E08
0x
6E0C
0x
6E10
0x
6E1C
0x
6E20
0x
6E24
0x
6E28
0x
6E2C
0x
6E30
0x
6E34
0x
6E38
0x
6E3C
0x
6E40
0x
6E44
0x
6E48
0x
6E4C
0x
6E50
0x
6E54
0x
6E58
0x
6E5C
0x
6E60
0x
6E64
0x
6E68
0x
6E6C
0x
6E70
0x
6E74
0x
6E78
0x
6E7C
0x
6E80
0x
6E84
0x
6E88
0x
6E8C
0x
6E90
0x
6E94
0x
6E98
0x
6E9C
0x
6EA0
0x
6EA4
0x
6EA8
0x
6EAC
0x
6EB0
0x
6EB4
0x
6EB8
0x
6EBC
0x
6EC0
0x
6EC4
0x
6EC8
0x
6ECC
0x
6ED0
0x
6ED4
0x
6ED8
0x
6EDC
0x
6EE0
0x
6EE4
0x
6EE8
0x
6EEC
0x
6EF0
0x
6EF4
0x
6EF8
0x
6EFC
0x
6F00
0x
6F04
0x
6F08
0x
6F0C
0x
6F10
0x
6F14
0x
6F18
0x
6F1C
0x
6F20
0x
6F24
0x
6F28
0x
6F2C
0x
6F30
0x
6F34
0x
6F38
0x
6F3C
0x
6F40
0x
6F44
0x
6F48
0x
6F4C
0x
6F50
0x
6F54
0x
6F58
0x
6F5C
0x
6F60
0x
6F64
0x
6F68
0x
6F6C
0x
6F74
0x
6F78
0x
6F7C
0x
6F80
0x
6F84
0x
6F88
0x
6F8C
0x
6F90
0x
6F94
0x
6F98
0x
6F9C
0x
6FA0
0x
6FA4
0x
6FA8
0x
6FAC
0x
6FB0
0x
6FB4
0x
6FB8
0x
6FBC
0x
6FC0
0x
6FC4
0x
6FC8
0x
6FCC
0x
6FD0
0x
6FD4
0x
6FD8
0x
6FDC
0x
6FE0
0x
6FE4
0x
6FE8
0x
6FEC
0x
6FF0
0x
6FF4
0x
6FF8
0x
6FFC
0x
6C18
0x
6CE4
0x
6E18
0x
6F70
0x
6CD0
0x
6D08
0x
6DF8
0x
6D90
0x
6D00
0x
6E14
0x
6CCC
0x
6CE0
0x
7004
0x
7008
0x
700C
0x
7010
0x
7014
0x
7018
0x
701C
0x
7020
0x
7024
0x
7028
0x
702C
0x
7030
0x
7034
0x
7038
0x
703C
0x
7040
0x
7044
0x
7048
0x
704C
0x
7050
0x
7054
0x
7058
0x
705C
0x
7060
0x
7064
0x
7068
0x
706C
0x
7070
0x
7074
0x
7078
0x
707C
0x
7080
0x
7084
0x
7088
0x
708C
0x
7090
0x
7094
0x
7098
0x
709C
0x
70A0
0x
70A4
0x
70A8
0x
70AC
0x
70B0
0x
70B4
0x
70B8
0x
70BC
0x
70C0
0x
70C4
0x
70C8
0x
70CC
0x
70D0
0x
70D4
0x
70D8
0x
70DC
0x
70E0
0x
70E4
0x
70E8
0x
70EC
0x
70F0
0x
70F4
0x
70F8
0x
70FC
0x
7100
0x
7104
0x
7108
0x
710C
0x
7110
0x
7114
0x
7118
0x
711C
0x
7120
0x
7124
0x
7128
0x
712C
0x
7130
0x
7134
0x
7138
0x
713C
0x
7140
0x
7144
0x
7148
0x
714C
0x
7150
0x
7154
0x
7158
0x
715C
0x
7160
0x
7164
0x
7168
0x
716C
0x
7170
0x
7174
0x
7178
0x
717C
0x
7180
0x
7184
0x
7188
0x
718C
0x
7190
0x
7194
0x
7198
0x
719C
0x
71A0
0x
71A4
0x
71A8
0x
71AC
0x
71B0
0x
71B4
0x
71B8
0x
71BC
0x
71C0
0x
71C4
0x
71C8
0x
71CC
0x
71D0
0x
71D4
0x
71D8
0x
71DC
0x
71E0
0x
71E4
0x
71E8
0x
71EC
0x
71F0
0x
71F4
0x
71F8
0x
71FC
0x
7200
0x
7204
0x
7208
0x
720C
0x
7210
0x
7214
0x
7218
0x
721C
0x
7220
0x
7224
0x
7228
0x
7234
0x
7238
0x
724C
0x
7250
0x
7254
0x
7258
0x
725C
0x
7260
0x
7264
0x
7268
0x
726C
0x
7270
0x
7278
0x
727C
0x
7294
0x
72C4
0x
72C8
0x
72CC
0x
72D0
0x
72D4
0x
72D8
0x
72DC
0x
72E0
0x
72E4
0x
72E8
0x
72EC
0x
72F0
0x
72F4
0x
72F8
0x
72FC
0x
7300
0x
7304
0x
7308
0x
730C
0x
7310
0x
7314
0x
7318
0x
731C
0x
7320
0x
7324
0x
7328
0x
732C
0x
7330
0x
7334
0x
7338
0x
733C
0x
7340
0x
7344
0x
7348
0x
734C
0x
7350
0x
7354
0x
7358
0x
735C
0x
7360
0x
7364
0x
7368
0x
736C
0x
7370
0x
7374
0x
7378
0x
737C
0x
7380
0x
7384
0x
7388
0x
738C
0x
7390
0x
7394
0x
7398
0x
739C
0x
73A0
0x
73A4
0x
73A8
0x
73AC
0x
73B0
0x
73B4
0x
73B8
0x
73BC
0x
73C0
0x
73C4
0x
73C8
0x
73CC
0x
73D0
0x
73D4
0x
73D8
0x
73DC
0x
73E0
0x
73E4
0x
73E8
0x
73EC
0x
73F0
0x
73F4
0x
73F8
0x
73FC
0x
CCC
0x
1188
0x
1290
0x
1FF0
0x
7218
0x
7240
0x
7288
0x
728C
0x
7230
0x
7248
0x
7280
0x
7274
0x
7244
0x
7284
0x
722C
0x
723C
0x
3F4
0x
2B4
0x
608
0x
C20
0x
614
0x
2088
0x
7294
0x
740
0x
72A4
0x
850
0x
6EC
0x
540
0x
72BC
0x
72C0
0x
729C
0x
72AC
0x
72B4
0x
72B0
0x
72A8
0x
72B8
0x
7298
0x
72A0
0x
96C
0x
484
0x
7404
0x
7408
0x
740C
0x
7410
0x
7414
0x
7418
0x
741C
0x
7420
0x
7424
0x
7428
0x
742C
0x
7430
0x
7434
0x
7438
0x
743C
0x
7440
0x
7444
0x
7448
0x
744C
0x
7450
0x
7454
0x
7458
0x
745C
0x
7460
0x
7464
0x
7468
0x
746C
0x
7470
0x
7474
0x
7478
0x
747C
0x
7480
0x
7484
0x
7488
0x
748C
0x
7490
0x
7494
0x
7498
0x
749C
0x
74A0
0x
74A4
0x
74A8
0x
74AC
0x
74B0
0x
74B4
0x
74B8
0x
74BC
0x
74C0
0x
74C4
0x
74C8
0x
74CC
0x
74D0
0x
74D4
0x
74D8
0x
74DC
0x
74E0
0x
74E4
0x
74E8
0x
74EC
0x
74F0
0x
74F4
0x
74F8
0x
74FC
0x
7500
0x
7504
0x
7508
0x
750C
0x
7510
0x
7514
0x
7518
0x
751C
0x
7520
0x
7524
0x
7528
0x
752C
0x
7530
0x
7534
0x
7538
0x
753C
0x
7540
0x
7544
0x
7548
0x
754C
0x
7550
0x
7554
0x
7558
0x
755C
0x
7560
0x
7564
0x
7568
0x
756C
0x
7570
0x
7574
0x
7578
0x
757C
0x
7580
0x
7584
0x
7588
0x
758C
0x
7590
0x
7594
0x
7598
0x
759C
0x
75A0
0x
75A4
0x
75A8
0x
75AC
0x
75B0
0x
75B4
0x
75B8
0x
75BC
0x
75C0
0x
75C4
0x
75C8
0x
75CC
0x
75D0
0x
75D4
0x
75D8
0x
75DC
0x
75E0
0x
75E4
0x
75E8
0x
75EC
0x
75F0
0x
75F4
0x
75F8
0x
75FC
0x
7600
0x
7604
0x
7608
0x
760C
0x
7610
0x
7614
0x
7618
0x
761C
0x
7620
0x
7624
0x
7628
0x
762C
0x
7630
0x
7634
0x
7638
0x
763C
0x
7640
0x
7644
0x
7648
0x
764C
0x
7650
0x
7654
0x
7658
0x
765C
0x
7660
0x
7664
0x
7668
0x
766C
0x
7670
0x
7674
0x
7678
0x
767C
0x
7680
0x
7684
0x
7688
0x
768C
0x
7690
0x
7694
0x
7698
0x
769C
0x
76A0
0x
76A4
0x
76A8
0x
76AC
0x
76B0
0x
76B4
0x
76B8
0x
76BC
0x
76C0
0x
76C4
0x
76C8
0x
76CC
0x
76D0
0x
76D4
0x
76D8
0x
76DC
0x
76E0
0x
76E4
0x
76E8
0x
76EC
0x
76F0
0x
76F4
0x
76F8
0x
76FC
0x
7700
0x
7704
0x
7708
0x
770C
0x
7710
0x
7714
0x
7718
0x
771C
0x
7720
0x
7724
0x
7728
0x
772C
0x
7730
0x
7734
0x
7738
0x
773C
0x
7740
0x
7744
0x
7748
0x
774C
0x
7750
0x
7754
0x
7758
0x
775C
0x
7760
0x
7764
0x
7768
0x
776C
0x
7770
0x
7774
0x
7778
0x
777C
0x
7780
0x
7784
0x
7788
0x
778C
0x
7790
0x
7794
0x
7798
0x
779C
0x
77A0
0x
77A4
0x
77A8
0x
77AC
0x
77B0
0x
77B4
0x
77B8
0x
77BC
0x
77C0
0x
77C4
0x
77C8
0x
77CC
0x
77D0
0x
77D4
0x
77D8
0x
77DC
0x
77E0
0x
77E4
0x
77E8
0x
77EC
0x
77F0
0x
77F4
0x
77F8
0x
77FC
0x
2094
0x
8EC
0x
298
0x
2594
0x
7804
0x
7808
0x
780C
0x
7810
0x
7814
0x
7818
0x
781C
0x
7820
0x
7824
0x
7828
0x
782C
0x
7830
0x
7834
0x
7838
0x
783C
0x
7840
0x
7844
0x
7848
0x
784C
0x
7850
0x
7854
0x
7858
0x
785C
0x
7860
0x
7864
0x
7868
0x
786C
0x
7870
0x
7874
0x
7878
0x
787C
0x
7880
0x
7884
0x
7888
0x
788C
0x
7890
0x
7894
0x
7898
0x
789C
0x
78A0
0x
78A4
0x
78A8
0x
78AC
0x
78B0
0x
78B4
0x
78B8
0x
78BC
0x
78C0
0x
78C4
0x
78C8
0x
78CC
0x
78D0
0x
78D4
0x
78D8
0x
78DC
0x
78E0
0x
78E4
0x
78E8
0x
78EC
0x
78F0
0x
78F4
0x
78F8
0x
78FC
0x
7900
0x
7904
0x
7908
0x
790C
0x
7910
0x
7914
0x
7918
0x
791C
0x
7920
0x
7924
0x
7928
0x
792C
0x
7930
0x
7934
0x
7938
0x
793C
0x
7940
0x
7944
0x
7948
0x
794C
0x
7950
0x
7954
0x
7958
0x
795C
0x
7960
0x
7964
0x
7968
0x
796C
0x
7970
0x
7974
0x
7978
0x
797C
0x
7980
0x
7984
0x
7988
0x
798C
0x
7990
0x
7994
0x
7998
0x
799C
0x
79A0
0x
79A4
0x
79A8
0x
79AC
0x
79B0
0x
79B4
0x
79B8
0x
79BC
0x
79C0
0x
79C4
0x
79C8
0x
79CC
0x
79D0
0x
79D4
0x
79D8
0x
79DC
0x
79E0
0x
79E4
0x
79E8
0x
79EC
0x
79F0
0x
79F4
0x
79F8
0x
79FC
0x
7A00
0x
7A04
0x
7A08
0x
7A0C
0x
7A10
0x
7A14
0x
7A18
0x
7A1C
0x
7A20
0x
7A24
0x
7A28
0x
7A2C
0x
7A30
0x
7A34
0x
7A38
0x
7A3C
0x
7A40
0x
7A44
0x
7A48
0x
7A4C
0x
7A50
0x
7A54
0x
7A58
0x
7A5C
0x
7A60
0x
7A64
0x
7A68
0x
7A6C
0x
7A70
0x
7A74
0x
7A78
0x
7A7C
0x
7A80
0x
7A84
0x
7A88
0x
7A8C
0x
7A90
0x
7A94
0x
7A98
0x
7A9C
0x
7AA0
0x
7AA4
0x
7AA8
0x
7AAC
0x
7AB0
0x
7AB4
0x
7AB8
0x
7ABC
0x
7AC0
0x
7AC4
0x
7AC8
0x
7ACC
0x
7AD0
0x
7AD4
0x
7AD8
0x
7ADC
0x
7AE0
0x
7AE4
0x
7AE8
0x
7AEC
0x
7AF0
0x
7AF4
0x
7AF8
0x
7AFC
0x
7B00
0x
7B04
0x
7B08
0x
7B0C
0x
7B10
0x
7B14
0x
7B18
0x
7B1C
0x
7B20
0x
7B24
0x
7B28
0x
7B2C
0x
7B30
0x
7B34
0x
7B38
0x
7B3C
0x
7B40
0x
7B44
0x
7B48
0x
7B4C
0x
7B50
0x
7B54
0x
7B58
0x
7B5C
0x
7B60
0x
7B64
0x
7B68
0x
7B6C
0x
7B70
0x
7B74
0x
7B78
0x
7B7C
0x
7B80
0x
7B84
0x
7B88
0x
7B8C
0x
7B90
0x
7B94
0x
7B98
0x
7B9C
0x
7BA0
0x
7BA4
0x
7BA8
0x
7BAC
0x
7BB0
0x
7BB4
0x
7BB8
0x
7BBC
0x
7BC0
0x
7BC4
0x
7BC8
0x
7BCC
0x
7BD0
0x
7BD4
0x
7BD8
0x
7BDC
0x
7BE0
0x
7BE4
0x
7BE8
0x
7BEC
0x
7BF0
0x
7BF4
0x
7BF8
0x
7BFC
0x
7C04
0x
7C08
0x
7C0C
0x
7C10
0x
7C14
0x
7C18
0x
7C1C
0x
7C20
0x
7C24
0x
7C28
0x
7C2C
0x
7C30
0x
7C34
0x
7C38
0x
7C3C
0x
7C40
0x
7C44
0x
7C48
0x
7C4C
0x
7C50
0x
7C54
0x
7C58
0x
7C5C
0x
7C60
0x
7C64
0x
7C68
0x
7C6C
0x
7C70
0x
7C74
0x
7C78
0x
7C7C
0x
7C80
0x
7C84
0x
7C88
0x
7C8C
0x
7C90
0x
7C94
0x
7C98
0x
7C9C
0x
7CA0
0x
7CA4
0x
7CA8
0x
7CAC
0x
7CB0
0x
7CB4
0x
7CB8
0x
7CBC
0x
7CC0
0x
7CC4
0x
7CC8
0x
7CCC
0x
7CD0
0x
7CD4
0x
7CD8
0x
7CDC
0x
7CE0
0x
7CE4
0x
7CE8
0x
7CEC
0x
7CF0
0x
7CF4
0x
7CF8
0x
7CFC
0x
7D00
0x
7D04
0x
7D08
0x
7D0C
0x
7D10
0x
7D14
0x
7D18
0x
7D1C
0x
7D20
0x
7D24
0x
7D28
0x
7D2C
0x
7D30
0x
7D34
0x
7D38
0x
7D3C
0x
7D40
0x
7D44
0x
7D48
0x
7D4C
0x
7D50
0x
7D54
0x
7D58
0x
7D5C
0x
7D60
0x
7D64
0x
7D68
0x
7D6C
0x
7D70
0x
7D74
0x
7D78
0x
7D7C
0x
7D80
0x
7D84
0x
7D88
0x
7D8C
0x
7D90
0x
7D94
0x
7D98
0x
7D9C
0x
7DA0
0x
7DA4
0x
7DA8
0x
7DAC
0x
7DB0
0x
7DB4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000f951d0000 | 0xf951d0000 | 0xf951effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f951d0000 | 0xf951d0000 | 0xf951dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f951e0000 | 0xf951e0000 | 0xf951e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f951f0000 | 0xf951f0000 | 0xf95203fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000f95210000 | 0xf95210000 | 0xf9530ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95310000 | 0xf95310000 | 0xf95313fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000f95320000 | 0xf95320000 | 0xf95320fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000f95330000 | 0xf95330000 | 0xf95331fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf95340000 | 0xf953fdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000f95400000 | 0xf95400000 | 0xf954fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95500000 | 0xf95500000 | 0xf95506fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95510000 | 0xf95510000 | 0xf95510fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95520000 | 0xf95520000 | 0xf95520fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95530000 | 0xf95530000 | 0xf9562ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95630000 | 0xf95630000 | 0xf9563ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f95630000 | 0xf95630000 | 0xf95645fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95630000 | 0xf95630000 | 0xf95637fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95630000 | 0xf95630000 | 0xf95642fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f95630000 | 0xf95630000 | 0xf95631fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000f95630000 | 0xf95630000 | 0xf95632fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95640000 | 0xf95640000 | 0xf95647fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95640000 | 0xf95640000 | 0xf95640fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95650000 | 0xf95650000 | 0xf95657fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95650000 | 0xf95650000 | 0xf95662fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95650000 | 0xf95650000 | 0xf95650fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000f95650000 | 0xf95650000 | 0xf95652fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f95650000 | 0xf95650000 | 0xf95652fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95660000 | 0xf95660000 | 0xf95660fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0xf95670000 | 0xf95673fff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0xf95680000 | 0xf956c2fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0xf956d0000 | 0xf956d3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000f956e0000 | 0xf956e0000 | 0xf956effff | Private Memory | rw |
|
|
|
- |
| cversions.2.db | 0xf956f0000 | 0xf956f3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000f95700000 | 0xf95700000 | 0xf9570ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f95710000 | 0xf95710000 | 0xf95897fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000f958a0000 | 0xf958a0000 | 0xf95a20fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000f95a30000 | 0xf95a30000 | 0xf96e2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000f96e30000 | 0xf96e30000 | 0xf96f2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f96f30000 | 0xf96f30000 | 0xf9772ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0xf96f30000 | 0xf97266fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000f97270000 | 0xf97270000 | 0xf9736ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97270000 | 0xf97270000 | 0xf97285fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97270000 | 0xf97270000 | 0xf97285fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97290000 | 0xf97290000 | 0xf972a5fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f97370000 | 0xf97370000 | 0xf9746ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97470000 | 0xf97470000 | 0xf9756ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97570000 | 0xf97570000 | 0xf9766ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97670000 | 0xf97670000 | 0xf9776ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97730000 | 0xf97730000 | 0xf97f2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0xf97770000 | 0xf977fafff | Memory Mapped File | r |
|
|
|
- |
| propsys.dll.mui | 0xf97800000 | 0xf97810fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0xf97820000 | 0xf97832fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000f97840000 | 0xf97840000 | 0xf97840fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f97850000 | 0xf97850000 | 0xf9794ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97950000 | 0xf97950000 | 0xf97a4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97950000 | 0xf97950000 | 0xf9814ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f97950000 | 0xf97950000 | 0xf97963fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97950000 | 0xf97950000 | 0xf97966fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000f97970000 | 0xf97970000 | 0xf9816ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f97a50000 | 0xf97a50000 | 0xf97b4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97a50000 | 0xf97a50000 | 0xf97b44fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97b50000 | 0xf97b50000 | 0xf97c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97c50000 | 0xf97c50000 | 0xf97d4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97c50000 | 0xf97c50000 | 0xf97d44fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97d50000 | 0xf97d50000 | 0xf97e4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97e50000 | 0xf97e50000 | 0xf97f4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f97f50000 | 0xf97f50000 | 0xf9804ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98050000 | 0xf98050000 | 0xf9814ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98050000 | 0xf98050000 | 0xf98144fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f98150000 | 0xf98150000 | 0xf9894ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f98150000 | 0xf98150000 | 0xf9824ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f98170000 | 0xf98170000 | 0xf9896ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000f98250000 | 0xf98250000 | 0xf9834ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98350000 | 0xf98350000 | 0xf9844ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98450000 | 0xf98450000 | 0xf9854ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98550000 | 0xf98550000 | 0xf9864ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98650000 | 0xf98650000 | 0xf9874ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98750000 | 0xf98750000 | 0xf9884ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000f98850000 | 0xf98850000 | 0xf9894ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000f98970000 | 0xf98970000 | 0xf98986fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00007ff74f58a000 | 0x7ff74f58a000 | 0x7ff74f58bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f58c000 | 0x7ff74f58c000 | 0x7ff74f58dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f58e000 | 0x7ff74f58e000 | 0x7ff74f58ffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f590000 | 0x7ff74f590000 | 0x7ff74f591fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f592000 | 0x7ff74f592000 | 0x7ff74f593fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f594000 | 0x7ff74f594000 | 0x7ff74f595fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f596000 | 0x7ff74f596000 | 0x7ff74f597fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f598000 | 0x7ff74f598000 | 0x7ff74f599fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f59a000 | 0x7ff74f59a000 | 0x7ff74f59bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f59c000 | 0x7ff74f59c000 | 0x7ff74f59dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f59e000 | 0x7ff74f59e000 | 0x7ff74f59ffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5a0000 | 0x7ff74f5a0000 | 0x7ff74f5a1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5a2000 | 0x7ff74f5a2000 | 0x7ff74f5a3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5a4000 | 0x7ff74f5a4000 | 0x7ff74f5a5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5a6000 | 0x7ff74f5a6000 | 0x7ff74f5a7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5a8000 | 0x7ff74f5a8000 | 0x7ff74f5a9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5aa000 | 0x7ff74f5aa000 | 0x7ff74f5abfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5ac000 | 0x7ff74f5ac000 | 0x7ff74f5adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f5ae000 | 0x7ff74f5ae000 | 0x7ff74f5affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff74f5b0000 | 0x7ff74f5b0000 | 0x7ff74f6affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff74f6b0000 | 0x7ff74f6b0000 | 0x7ff74f6d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff74f6d3000 | 0x7ff74f6d3000 | 0x7ff74f6d4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6d5000 | 0x7ff74f6d5000 | 0x7ff74f6d6fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6d7000 | 0x7ff74f6d7000 | 0x7ff74f6d8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6d9000 | 0x7ff74f6d9000 | 0x7ff74f6dafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6db000 | 0x7ff74f6db000 | 0x7ff74f6dcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6dd000 | 0x7ff74f6dd000 | 0x7ff74f6defff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff74f6df000 | 0x7ff74f6df000 | 0x7ff74f6dffff | Private Memory | rw |
|
|
|
- |
| zotci.exe | 0x7ff7503c0000 | 0x7ff750756fff | Memory Mapped File | rwx |
|
|
|
|
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x7ffc4b540000 | 0x7ffc4b6d6fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x7ffc52cd0000 | 0x7ffc52d47fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
|
For performance reasons, the remaining 384 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
5a8dbf0cccdfb9cfba41ef35924eee57
SHA1: 884ab42b21353ed4de9e042e7de93c13456310a5 SHA256: 89948352961d83eb56f547b57c1005474f46d29f8e883426e922881884daed5f SSDeep: 48:iQUKMNPH+iOpxi8C2A88Hnq1EWBSgNNH7aLeuTIO4uS+qYegnc+wKzXD:VpYpmvCT8WUEwN0e1r+qYZz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.72 KB |
MD5:
310bce0096c8db67dce6ee89f5ec7777
SHA1: 910242fbda5faf497dc91803ca13d4599f50a82f SHA256: 441e5c75b5e30c676a4372183433593877ecd76b77b081031df6592823db8720 SSDeep: 12:RpqiU+GwlmXtYW65MoPtCQDgnA7EyzNgPxv/CSaR1y8qiueMCkIy8W:/qiAXtjolCWyFIRo7iueED8W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 16.28 KB |
MD5:
5d4e7f97c3f2ece11955f4a007926ecc
SHA1: 0fc61dbaf90ddc65fa0886425a0061e534b093a6 SHA256: d491146bfa79ebb60930aabf8d52bf53b50ceff894ccbfa769f58c54923e956f SSDeep: 384:RS6X/A5XJK7Mhd5RIPH3X02jKUQTClDQHBiBDd+zZEYLecsuL:Y5XJK7e5RIPXX0pClYBiv6EYLeG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 4.28 KB |
MD5:
9b74e943e151edee8676e2b9a1fb6eaf
SHA1: 27437eb933192cdc6eea4a05e9d6c5f75032a46e SHA256: 88b58da76dc07b07ac9c11e479353d569ca46fc59ba71592a2caf0942fde9f97 SSDeep: 96:Zc2Oh1m8rKTwbpu6z4DqE4Q4wSHuk6LNElr5/OIYJCYLGA:ZLOtrKTwbIqSqEgF56R6rMJCcGA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK | 0.41 KB |
MD5:
ff9a310b8bfc40bc3c994b5bf3d4b524
SHA1: 877b20b97310c482f8f2e3235c7ff28ea9619a9d SHA256: 56662159639641b3708f2589d22eb2a9f5964573dcb5038082e3c291a9cff978 SSDeep: 6:5laMXVZ8/qsujvYSsETNy3595DYzYj9Wi6/i7scf+nAosHjHlF1i09MlBDIop4H:KKvJlTNu5vYzO99TfoAjF0vTDIopS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
8c0e38b7694b1c186aac76f0c053af63
SHA1: 2e2b547d74fe1cacb6fe9174f3ef973a4b9acdf1 SHA256: e04319c67519ccb22bdaf674eaaa59ec31d3caed16ae06a00d537bd922a62683 SSDeep: 12:TpopMgqTaBsaEVGeG9vPXQ1jXYabeAOgRkiU5/SaDFWQKtvw74si+pX5+y2lF5d3:TOWdatEVm9Q1caOgRJUhFZ4aBwy2lF55 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
9a7d34692fe58732a1bc548ec0bad640
SHA1: c58b2d849e66b35ef96c66c486332cb7b776f600 SHA256: eb00e0f0badaca0d8a2073ac67581bd4a3d7e3c21d7093978b0619c8d68b293d SSDeep: 24:ILiUpsxcdji4TCOwatd/r1k0NgK+yjysIZjrobIVdM4PPJy3MyilckeDFRY3:ILiUpscdjfttFr0ymjrobWPkMyXDDF0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK | 0.36 KB |
MD5:
3e9e1897b4f8995a416526e97650be10
SHA1: 062ae347cd56691e3373efa06ed539ad5e5351e8 SHA256: 2a4e7d5cfae92db412153d87389be20a456538f4ffb1ade556574be1c56cb5b1 SSDeep: 6:3WXXQvKgnTDEtBZsdSy3knwGg5en+TTUXMeUeiFgqImCd2ujrt+qCrzzjeCE1PRq:Gn7IAdwGg5c78eUe6D1uCnmCb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
04984e83317ff1a0f952a6191df95c73
SHA1: 7a4d2e5e3c6618519b206ea6ec1eec9d7f380e9f SHA256: feafb55bd96cbefe1553b77d24b52f0b3a55a3d6ad756f9a92d9384cb4921668 SSDeep: 48:VLzl2c0bNZ/dgT8dySBcaIDfBl69fDy0OX1xCfYJZ6j46A7CGfQXJADaTvZ7pl:VLzlB0f/dc8dygI9kJRi6jLAGWCQaTd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
77244fabdab452432b0c778287c15c51
SHA1: 2652a839aea263b790931bd1ed26e9d1d097a727 SHA256: e9c626502bf607bbaf3b1d486a7a9caab72a65bdf751b8359ff49c5aa80bbf02 SSDeep: 24:FcWxcHSbIkns1tgsRzkZZEaRdaQtEPsTh5dBBUSh6MS2+v2ueZF3Aj3VFQ3O6IBG:qGIbt1Rz0LdaQPT3fBUADS2+uue/AjVI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK | 1.60 KB |
MD5:
752fadca80c4b5034c3297bfbe480b82
SHA1: 5072e927f1f5cfa9a7b2dd21c516e4ee35e08d01 SHA256: d570c1ed7183392abbfcbedfce9a0c47ed0c2f23f7f33ad23a9ccd367aff9d31 SSDeep: 24:VCMtD+Gh/9fM9P2H7Nt116+Vl9eAko6fJLLfnPlPvrBbY8aiQhrUkfbMj:Vt+4M9ej119VuRJfNPlPvrhY7hrUGK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
6dbb87d962637a43a1018d5ea22582d3
SHA1: 581d3ea976b7dc785d49c8d02aeb7621f924889b SHA256: 0eb4d2b8dc482e5d84e1bffb57da396bacbc2225121ed69f7944c8fe34b706e5 SSDeep: 48:inVE1e6zkEW3hmqk0Rv4A+XKuaaxIlzEoR260EL+xA59LfKbnSwTFu6r+Cx1:yVt6fWRl4jXTZxIOoR260EuI1SGwTFZ5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK | 1.11 KB |
MD5:
72b12150b9e8e6d3f68ec10a822a76a5
SHA1: c92a511850977135aaf6c6e8b1439b3499337098 SHA256: 0839040ee541ea5133d46a629a6cfac2f76b30e6ccbb9a0f63be7ff3237fd855 SSDeep: 24:4Okf0kNSHGzIK/BE8Lle8bKAGHjGL2Kf76a1yUWKPU2uByfOM6rbQpoS:49TdXnTL2Kf76+tuByJ6gGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 16.28 KB |
MD5:
a280d8682c9d8a63897738a7459d9da0
SHA1: 4f1c33ca2ae59c0a06ae549ade411ccfc420c97a SHA256: ef79000f628c0ae436ee676ee510b4acbcf1f3feb2816482c460bb767c353a31 SSDeep: 384:ohkFTkJcGugA5FX/ZAlI1amE5B0JArN0/140BSpp2+S:gigA7ZAXaJACd6p2+S |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 16.28 KB |
MD5:
49d4aed20bdad3e1028d5f6e047a1056
SHA1: f730330066343b5af33cf1cfa45978e542d695ba SHA256: 87ee8970b8462eefbad63a6b63cb4f8c89fe79f611ff5b3699545a7ab1c94d19 SSDeep: 384:mneKtbCcgTG7Zxxb/4j3ldXGPiAjR92eD9jw7BHBPd1:mvtGcgTGNjbQsi4F6d1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 16.28 KB |
MD5:
8e354e9989db795649f74f1040522d04
SHA1: d81dc841f5ba47bdf3e968aa307ff89625479616 SHA256: f66d6b90fdcd86186aa9431e0915f963f01c5488f59808b2ca4b78c21f7e8c7f SSDeep: 384:ESkSc0ixfArEhmthYuHbgEOImGHq+7HI25/5kCiHpXVlHIv:XVc08Ey2YuHbgE5vh7yCypXVlHw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK | 0.41 KB |
MD5:
2626fd1be39722c62f29157edb9a19a6
SHA1: ff01374de5f1ce41962443c61e538dbe10e73773 SHA256: fa6f044f4c6e6fc6133693ecffa77c472d13a411f7ce7224ed4527427d4bc571 SSDeep: 12:ItIBKeZl6bumGA/KzRaJHoon9zTiLU1XUIt6:hYeZl6bV/wRaL9zTiL+XUIY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK | 1.36 KB |
MD5:
99ffdf7d8f38dc8ad9d8b39477071bba
SHA1: d7f88b0b934be2b2dc66a48faefeb99bc52fcfc2 SHA256: 598dc49d018530561347fb87b456b7cbdcacd66c01c37251d17e16986ca1c623 SSDeep: 24:wJbKOyWR2jgVGEuL1TqZB+4Tz7QYZrb38E2qA0qIfmgHphfWUbieVZ3+vCv:wp1duBuZk43jZP1JHphfWU+0Z3j |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
9f4d5cda1dcf4791919c1b081fc4e68c
SHA1: 286d788f69aba17a11ae9009bd1e60196c01ac9b SHA256: 858d55d383c8f3112fa54f77255a777440d50aabca4471638077ab65cbcdbf06 SSDeep: 192:Rbl0i3wdYlwmQ9Tyv4pc4ODYYvNLxQ36AfT4U6MvKnXDzjz7mUjxs/5CnlTl5N2b:RSi3wdswDE4po9u6wZFinXnjzXH2/QW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 0.71 KB |
MD5:
b00ec100de27322f824250102f19ac63
SHA1: a7c91356f45440b332bfbc74a8bcc761a8cbe434 SHA256: 8f5a127cf495511bcd1936f426704ce1a8a64a38dd914e907616f7e9742e14d7 SSDeep: 12:wM+2L0WgDS2BuCPwD4Z/nnvzxcE+aQCGs68twkfdtDlcAdiG288I6wTF9I2IsX3A:wM+YguJynntpbGKSQciiTkPFWs4b |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.69 KB |
MD5:
8e6ef7c7bb987eb4eb3c56526da48406
SHA1: 40693d36241cc03755f4c94d5739383f1ff95d2c SHA256: 642b93b5009f88c22edc925e94bb5189118a5974a6d4c95f80669f6bc100892d SSDeep: 48:BPttb8KzS9JMjggty607Gq/J5B+rgikzUFKglTe+AlJsm:+KEdgtlmPJPkn/Kqml2m |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK | 0.36 KB |
MD5:
1ed18e9f8bc73d62cff87e08c995d1fd
SHA1: 9009aff9b1f3d73fa62dec7e65c272296c66a37e SHA256: c6a0ffd8869fef9285ab74c50d41167ed2236dd23a598d8815ef96841b7da862 SSDeep: 6:exE7WKutA99DWpBu8uiTSK6RoX2v8RuZC5tP7qyo6kNUgm4LXFkTtRBFaGhnhVM:nZutA99ys8uiT16RajRgCbPuynkNUf49 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK | 0.41 KB |
MD5:
7b76b6d74bf8004f43036789597f5c44
SHA1: c9d9d792a550a32ef135efefbf586b5aa8d4d892 SHA256: 310053a94885a92b95610934e97a52b3d533e5326c602a10fe94b54dcb5a34c3 SSDeep: 6:UE1oHit0AJ0BGU0HjRa0+8412JZWBCjsDaGyAqPKkk7T4Ey06seR7n:UtHGXjc0W12TWBCjoaGZWkEsan |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
be9665e4d942e2f71ee29b5d6129b66e
SHA1: f18120e0989309a44f098d8927f633ba4250b77c SHA256: 09c2ee369fa7ba313d1b2fe0a5d841cdd423b90afece23b411a46fa4241ed786 SSDeep: 192:xgGMWjiMiD5hbBvi7ey83cqdWa9OfEVZc8QGu1azt0abxFfNm4/ULl:x2WjLZ7eyBna9aEVZc8Hu100aj/ULl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK | 0.41 KB |
MD5:
897f61d6e8b523178e80232a582b6fe6
SHA1: eb8e1c28af3cbee7e8f5c14d206f2d647e00ab9e SHA256: 08c7b9b569c25bd8ab57bf1a9daa7433ea89b735c10ff60377e3c2b54602e073 SSDeep: 6:naOcTFQslQQ5WW8U264WzV01PtBgWwGBIIunK8tKENij3+MM/rRRH8ea/89wf:aOQ6slmW92PtWVIunK4mN4eEE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
43f5265250440d298f772d227a6cbbca
SHA1: 6f4905c1cfc9bff87c0b58e4b223ce9668dbdc3f SHA256: 1f6677f165ed45d3d52bde62b1c27a78c15b8c84221e9ba02c83cff39bc5be5d SSDeep: 12:rQAeLNI+GvuWapp8uSuurXcd0GDFV2GGfTtYwH4:rbaK+XFS9lGJ3ETv4 |
|
|
| C:\RyukReadMe.txt | 1.28 KB |
MD5:
fa0637a3857a2f258f40883e1cac3074
SHA1: 0980755aac03e8f24f3a040384fc61f43232f56a SHA256: 45d75b8692d29f35b6c36a00477285c5243251e33af5858c538fb80f1b68cbdb SSDeep: 24:iVeUE1sLlHgPsoWIeTt2Ww4OFGdqvWDbbOyxGSConbildyspzRC9XYcsHrDjn:xUE1sLBTwx1Ovblglobsdxu4rDj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK | 1.83 KB |
MD5:
5a0bc7f25bba1d8b3e1efbc2bcdc0b30
SHA1: f27382371836fe9d7e34a2b63188cd084396979d SHA256: 942f2a8e4632dd3ec53938288a33d8bad5b874711a72f7fb01ca42c28b3fa2a0 SSDeep: 48:192UIhLUhSKu8a8IRQGmVJzm4ZtZO5sr1ZZ7dq+Y+84pliL:19jQLbz58IRQjzziCTZ5qHwDiL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 16.28 KB |
MD5:
80af55303cca9f656d6b5ef31992221a
SHA1: 7ad3d884e32f50557bf5cf0c8470180802c77643 SHA256: f252ad4ec96e530f53745bf30dc0933d944742fd512341f5de79df483bda905c SSDeep: 384:ec5Hh4ByZgrIHKWvJlQIzUrn9bmh8iDOhfSH0+tMrk0:ec5HhuyG8HPfQACbv6Oha0z |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK | 0.41 KB |
MD5:
8c1354ca9cacb50b80a8c315ce4de581
SHA1: 9dd8a4caf5cd8ae7ec1e9a4dcc7a1989e6a1c0ea SHA256: 75f5f8b392316f9c40200a4702922f62ace55d607feb72a7c5e6cc80917b11e5 SSDeep: 12:AUcA9ib/tfP2ZDYCxqQRa9OF4EZXTIqev2Yfw:AUcA9ib1fJCxq43DHV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK | 0.41 KB |
MD5:
4b26b66aed2b286e7e2ea4cd5f499fdb
SHA1: b47b8bfb514c172a17cefd07ed65f9d823683986 SHA256: 60e700b0734398c2146f951bd1b745f6506de51d6f1fb8270b0123ab5a76c5b2 SSDeep: 12:77eGVw574RJR2pWqB9xOWgGjRfQtNanqiE5R:/eGVw94R72plB90RaQ7TL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK | 10.00 MB |
MD5:
029143b6383fe86a454616f35803ac5c
SHA1: b62e762d0972d7226e5f8936b7091aaf4b5970a4 SHA256: 52d4516f56e44a01f59e4952992ac95a422a86fe445133eefbb4e8a68a24a43d SSDeep: 196608:DShB9tJnyut0n46J7RgPGb/QfjIC3Qa1oc0kFgbQczUul9NA1B6Vdk6:gbJyM046JF1/QfXAaskFgbQyDlcb6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | 1.72 KB |
MD5:
b3c185fafa76cbd0bfd7c7a0c3b11aec
SHA1: bd2749f7e93dc97b670557d98090ecbb78c82720 SHA256: ab6894bcd74a8ffdc0cb1aa688af76ca4e30755e92018a83e23e59c6e669b986 SSDeep: 48:9MuF3+TyfT3ThZ2BWAdkjv3Of5hNjNfdd41oh:9MauTuT3WV+LWbda1a |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK | 0.41 KB |
MD5:
720f139bcd011373468332faf75c82e8
SHA1: 5f8dca5e8297959ff998c4334b5c5016c8f50028 SHA256: e19a0d270bd1275c99384bc6cf5a4cc0e5267f3ca61937917a10c95d1202d965 SSDeep: 12:zcXexNtagriJ2Ry7qVV2g03AQ98wB41czweZxM:z1tagW0RyC23F8e4AxM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
f4583c59788e702a2ac5caec0c338fb8
SHA1: 131ea416e79ef2cf7123b496187ec4276a2b56a1 SHA256: 6741a5ca2ae4de5615280bf84f94fc659c134cc1eb12929af718a04eb2dba4be SSDeep: 12:dZ90vv8yxWLuvntQJS1csGcPahS/fG/4bd:dj0vv8XyvK/JcF/f9bd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK | 0.50 KB |
MD5:
c0194a4b0363f78af2c8c8bde28e39af
SHA1: 5d514ec45ad0508ecd41d2690e30b636645e5692 SHA256: d2135651b1f7cb3c7e8c0110b5959f1331feb2d1cf1dfa754560c5773dda0a30 SSDeep: 12:PRnn3XPTyoobCV7o38vsESFtvJyURcJ+EvgH0Fjn4X6zR/+zMYre8ZVRE+3:Z3XPTyoMCVEE+vJe0rUJ4qzFwMGlE+3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK | 1.44 KB |
MD5:
c9778d74f791cbc19a54cf6d214b5dba
SHA1: 8eb1e7c8b7abdd680f06e1db9bca7a78380953c5 SHA256: 01ca596829e509b18eb55398f4930161c942d2d027365182773a5132a098c568 SSDeep: 24:i89IOBpIksX0vDgu9k4/2WMkvzQb9dQ3RlhydhnjZKduQBHviKJ2zhwlK4PjMxOk:IA+F0rZ/Vs9dAOJjYpzjMxsq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK | 16.28 KB |
MD5:
496c84cab32cc02a92069cae1f3c9e93
SHA1: 4bdcb563d43d3c5e7131b7bbd935096649729ba3 SHA256: bbd20b0fc3c98b525ab6d8edb4f7c6c5f26da9ccb079de603cd9d33ff37a8e1f SSDeep: 384:h0bAMRrtbyTeNiyYHDB6MtNLNyEWJY8iHNkR8oz:h08CbYMyQjY8iHNk8oz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK | 2.63 KB |
MD5:
2a9d6adbc8463ebfbc41e9213f043815
SHA1: 9df6e5943255e3dbf3eed84f919ed06bd88ea837 SHA256: 446ffb2b447c8311050dbee91b667dff64a4c2b81a203347f7406d6ffa3c6d56 SSDeep: 48:gS5JPduUaTPHBNNAnpNQRFo6cpi0MPKdeCLOqs9MmSwQvmtDVmFdjgY2ngJBPQz6:gS5pxcBAnjAtcZMCdxGSeQvWZmT0YwgN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK | 0.41 KB |
MD5:
bfe4bc8c896ab61ab8c6b5da8cef99b2
SHA1: 755aa0f20e3280002c5385f2266c95a0e603d141 SHA256: dabe533442dc4297e71711e2331054bd3c53699fb428ff1babd184a01f17ee09 SSDeep: 6:8weXdZoR6GIWqwKhx+Ppr+QuipHtvGjgPjVF9QXv9hj2RPL02rDZX5IF2wIcYVzV:8wqZoRXWIprhHPjVOFMbrD0YLcYVzZ3v |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK | 0.41 KB |
MD5:
71462bc52883dc628df5167475377d52
SHA1: ea30e99c4078f3a01a5870f6e781f5243bad6b65 SHA256: 2b8dbfab648bb70dc67a55554aee118fdf740dd9389bd5299a7f4da9107bfa1f SSDeep: 6:COhTLUH62W37pHFUgA5m2FIDP0vD5Moh2olotyUp1iE6GxjwPtm1E9sGpkFQPOog:/J2W965IL0b5MoLqtyM1iE6Gxja/Chn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
c94cc87e57428265dfa381dd00131182
SHA1: 4b663df1d21fb437d3a0e76b284079521d645818 SHA256: d1f325dc199be308a0c7f9c4fc1aaffb1ed76a58af2f58ca28446b76a94a25b5 SSDeep: 48:K1JxrOFI3f5R3IDUdkt6eC0oLQGRtOKI2veVc5D:eJxyFI3MUdk1KQkXNem |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 16.28 KB |
MD5:
09196d3ae7f71c556a36165e6e59cfc9
SHA1: 62b017fc4f4282db3fbcf24cba8ab8adc11fbeeb SHA256: ba03807813bb3c3e12fc7a394a50d57016bbf5e76a1bb14f60848d35d45265cc SSDeep: 384:zFnEpnWUNKjM4Yqhy7w93Q9hi39lAlSGYhvhkBIOBATLV/Epcv+:+IDLY2y7w93UW4YGYh62OBATL+8+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK | 0.41 KB |
MD5:
cf9ed7e0bacd06f2f67830becba4ae44
SHA1: 345f16513df7a04238f1797766a10bd12116e45a SHA256: 1bde1524f167dae98c8fd57c0a3386cb144db1fbf440a05a62860f980d86cbe3 SSDeep: 6:Cn8Rwm1TmxfDI+5Jhnx6D3PCQ/bww3nfNDSMwXcZ0xWQZOWkFocgrIZ5i53jgv:XyQmx7Pvx6D36QlPLZBYOWggc56q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK | 2.64 KB |
MD5:
148978d073daf85a313c718ff7301615
SHA1: d2712091e0f82733684b2902a6f882d3f5018b9a SHA256: 1ba3f6a1b6cdbb4838ff32dfcc578ed6370041e27318ef1aa103206e47bd6993 SSDeep: 48:KvQ1tMBmhZJTvXEj3/9GJij4KP3KjblOIB0ZITBmcfBfIwIZT10k7sbwymw:K7Bmhvs3/3j+b4UBTvBAwGLsbwyJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.67 KB |
MD5:
1f3845de82214f16013c0260afd3c4c5
SHA1: 708220ed1b728c475ebf6a4d19c977494a9d50b4 SHA256: f07e5c76f281a4030019978359f9f55c369430b1eb7c7570c6d95907ae1f98da SSDeep: 48:VL6kh8urietAFhYdQuJ/gqxiIOaoyKIKxE0CswNs5jIlZskSGhKLwMM7QkwRXjq:VcueYAFhiQVMzK3xJCsr5jCZXKLw1wM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK | 0.41 KB |
MD5:
53e6a6d20c84315c083fdd763995b9b3
SHA1: 372e1ddcb509f764c4ae96e07b0c8df6344e17d9 SHA256: 6e5a9efc5083970a082b49cdacd9992a9a53cb151ae417960e9d7d9da1e42da2 SSDeep: 6:6sr6o1aQnTk5ozdJ55lItI9+B+Tlv1btewppbEUA1AroudTOgLf8VLTja+NIUomD:6sL1BhPr9JTBvppgU/9L0VekcCRn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
54e270db7949406a75b693449878fa06
SHA1: 8e5ae13bf38b49639d82194db1499a502fd0ac60 SHA256: ff4b158d8c9270d47ef1b3ffb2cdade1e2dad8da66861f54486a045053365bbf SSDeep: 12:3MC5ZoWQA3AMGhErCzra0GW5EAws2qn837WC/LmMK6nl+gWQpPpQY+XGE:xZqWAThEOPa0GDVsbkfZKPgWQ1pQYQF |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.05 KB |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 16.28 KB |
MD5:
c8d8c83257035fe5f15e0c393b6eac80
SHA1: 96a5f3a4d047621cfb1a0f5c19957815a4368684 SHA256: 7d6eb451c3fdf4f6f8b88a8083d4dcc95e6227b7fa7dbcb1d99468fb37d32384 SSDeep: 384:amu3tBjKS2br1uNTsvZ/AMD3Y/4hF3VIg4U+uDBonq+dcfan6R:amudBjKuNTsKMD3o6+gRBQQan6R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
52999f9c6fb9f1639bb1296510ed23aa
SHA1: 11884d0fec6825e6695b8da04dcbd156692f7012 SHA256: 2dc715398fc8a2c7df0beab3304684561fe6da3e47f90edcdfd395a5f64e4763 SSDeep: 48:pnUsCx48Ut6vvEXOpd3Sfl9FIxK+u7v1cE0qA6QsawCfqPVX3:pUsG456UXOp4fl9W/g1cUQLfqP5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
fb4decf2376a7a8a56a3da684c561aa1
SHA1: aabde8d354e2a3ad2b46a09021c387aa8399f761 SHA256: 1fab73615175e61327f7bd19b3cba626775ac430866725a6168759d41dfdef90 SSDeep: 48:q5nX2KcEMJvXEtFUDE8DotC05g8z2ikabe9Ywbu/gR3ketTTae:q5X2KcEMJcFUDEc+/gA2ikabY1DUetv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK | 0.41 KB |
MD5:
bb1318d2f51f892ea4aa188777e1eb68
SHA1: 7fcea5702b735041bec84ab7bcd694ac6a8eff67 SHA256: 51a00a094a3c6541b6480f6e422c81303f7ee826a81ffdccac5235fa890fe290 SSDeep: 6:4tRRs5m11r3INFs6S3j8qmjRCqoWAKde57mZbT8IJmNZu43HenJlNfGOk58Azp7A:IsbN9Sz8q5Ow39GlMn70WCIebEo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
f2220d3b177e5df924a3a070bc1d887c
SHA1: e786ea7634166bc97189df63a9af38fa50653d16 SHA256: 6ecb1cc79301862a1a4a9ac3cae70f5c470e295ce5fd907171a3a8c1850ea057 SSDeep: 24:P1Qto976XFr1f1ww5ct2ZqPMcTj0N1kL6cMpajsqqyY93NZgp2jfc:Py44z2tt2qB/L6cIajsqNY933tTc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 16.28 KB |
MD5:
92a9cfc3ebe6262674aafe5635ef361e
SHA1: 19a98da4d99a734911c90809f2e8cac7373c8b9e SHA256: 6bde61f0ed11233e1dc0a40a8f8aa5c2e4ee1792c3cc79f2b712ad852c9c559d SSDeep: 384:ctsLMJAmSdl7sYIoR3Vv4GsSYRh2gy/ssCqza3:JOAmSf7Sq+bgj9Cl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK | 0.41 KB |
MD5:
b313413745d1cf377ee39da2b5914160
SHA1: 82a595a77342973dd95dd7a56b0aad84db6e37f2 SHA256: 113394ff8bf7c465d1af4b904e47c54a4cddf2ec4a30b4167a5bcc87f831a6ca SSDeep: 6:Lfg4VDpx7dfxK1uRH0y1YnAoEJT5gWqWtzyqq+BuZyikhvTyo5VIWNpmy02:Rh4OH0ymn6JyW2+BuZyHvhmy02 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK | 0.41 KB |
MD5:
9dda03b038d3686e61c7d40d7ec4762a
SHA1: 453c32e916198faaaff56216a1c3fc0c19ecb5b8 SHA256: 1fdc14dbdd2a0c34bc8c0a3bbde1720d92c78226e3ce1fdb8a65195f93b97e41 SSDeep: 12:teezP5OTZXMsgQiA507xltP6M2VgobK5/hqw:MezB6ViAS735sxbKL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK | 0.41 KB |
MD5:
fe04ddfe4b39b1f0dd5811adfa314c81
SHA1: ebf042ad98d21faea24f1766e0a96439a1ad87ee SHA256: 53e66ec08c94c3687839659edc64c92ee2cba62dcebad48e982685165ca2959c SSDeep: 12:vGLbycebZO8Tr4FL5AtjEUkXhOYy/XtIomrc:vGLEbLTrWL5AtjElOYy/Xu1c |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 16.28 KB |
MD5:
113973c1c3b2426fdc11bdfa1fd983ca
SHA1: dd42ba0a3265fd81c51b8480c46b6ae97e749ca2 SHA256: eb948d84c1bb3de04f0cc00fce46837246ce9e68ba284595e4a120d34a74f1dc SSDeep: 384:CjX6uJIPk6cZ9mReyeAr87JFvK+ASvTOahtYq97M9Vq8/v:CUSUleBJo+ALagA7qYG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
2be63d3e8b90111158de45b4d2fde09d
SHA1: 5d01bade251126f7749526a81e7547101d39639d SHA256: be2a6aa83967a62e83740bcdf6e16bcdd18715c2146b948995d47e7b7c218acd SSDeep: 48:CVzxyaE6X1fit+v8xmRksHcMZmj/WGn36jX4fgoM7/kZS46eKvB70BJ7N:CVz4aESALxC3ZI4FMZS4YvB7aj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK | 2.83 KB |
MD5:
492d95c58a73c1bab21bfee107762df4
SHA1: b81ccad64e0a1561fa326c4bac57792b71298eaf SHA256: c55c1a6eae189541c80c61ff9439a24d3974ffea66f7466612885a032d0a2b11 SSDeep: 48:07FLo9wUWl3BvzCK2w3MWxge9krlhdc0aSWHRYULUU5W2L1GXCC4E:t9wRlxvzD2lWx3ChaSIYULUh25GXGE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK | 0.41 KB |
MD5:
350a5cb5f71468efd09c4236024ba106
SHA1: 42776de1a4e02ec43682e6cbb13fe9e622eaa623 SHA256: d7cd79d324e4656642e877077e990fbda1119d07c8a96a8f4fe2589ca81e6144 SSDeep: 12:/Sa+JeFU9cPqiOBSr7JoPx3AhcAFfUqvLXua27j:/SzJf9yZO+7JOSSSUIDfyj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
72cc412c36c756fe0385ca704ef99a9e
SHA1: 14bd5841328565fff0eff77b558b292cf1cdd9c7 SHA256: b5d14a2c4377215820e0ea71db18111903bf324123110957a30ab9a06073b9cc SSDeep: 48:BkKMsvVKe1KMS8Vl2PoVVbUyJ9rSyF1HWeQ3AnCyXIFxB/:BXjPSlPoVDLlF1fCyX2xZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
d1d0252dff6f2daf498325c8ea1a9b9a
SHA1: b773956d1dc6d9a4401335e2c27e5192def734b2 SHA256: 8939044ac7b81e93dc8e11495970fa2320e24f80dbc4b36c0719a12e2ca9b4f8 SSDeep: 24:Njuho6QrwlR6HRxQ27FRl6MaJBPoHeYqj1d6fp+h/ZtTZDLwqIs2Eg:Nn6EwSH7HFRAjJBg+rj7954q6Eg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 784.33 KB |
MD5:
95f2c5da12900bed58473ed12fdc445d
SHA1: 0e397638e17901a4a85e9179d752ef564f3273ec SHA256: a6efb68654db862dd703d3292d53872e0abffedf576e932402774ec665f7d203 SSDeep: 24576:YLETE5vJJzvXjjdBIM3MSkJm446jpGrfY+Bl:0vJJzvzjf3R44wyBl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK | 0.41 KB |
MD5:
660769dd42a641946cadd10f756f617e
SHA1: 8e3c848f07217d3be8e7d5ebaa3ed2c87e11995f SHA256: ef0c58edc7302f739147b2bf963495e2a96bd490276c2303d0e12e21ed0f291c SSDeep: 6:ZtMv30QSeBGHWEv2kHkvtfvto58W0PtlVyQOpeJXHlM3c/spnA+BwbgsZytiav:Zav30QSupkHkv9+qFE+WFpA+BYFZycav |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
4d04d4d283cf8ee72161d904c6b52e1d
SHA1: 1fbbd5d2e17d796da8a88f8c4d0df11662c910dc SHA256: 48122524643d7a57acc76da2ff7a29e07d4bc84a3c95ddca95c3ab7b9a5aa978 SSDeep: 48:z44Qye8L7F3293JNwlRI+330UHScXddsnRoDO1QZhGY4QmeX36bhsMsw:z445ey7FekISTycXddsBQZ4Y4QBUhss |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 16.28 KB |
MD5:
bb9f5fb787cb68907b25dac51a58ec07
SHA1: 2df36d84b71d8778c65fb428837cf056a58f94bc SHA256: c15dd387060bab5496878fd500c90872e0f575c17362a6723f51b5683b0204b9 SSDeep: 384:CUk43vB09Y+rKQS8U+OZrZwGloyuwxjKQru1LbtGqOn+vm6bn/c:CUlp0CB8UpdZwMoUKQruBtJwOF/c |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK | 2.42 KB |
MD5:
dbdc989ebc175288df25567e6574d141
SHA1: 35a3a154e640ee74323d1784d5a25c29bf522709 SHA256: 265cdb5b26ad8a6f366c102d8887992a80b103a199bf5e38948383942019a93f SSDeep: 48:hFra3ssHnWKoHVi5GJ1JNPUC6TCus6ibPMXVYSWi1vBiOCIc:zOrHnWq5Grz/UjdiAVYSgOfc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK | 2.67 KB |
MD5:
1e5cd8013147a54bd3a517a6ef645641
SHA1: 0eecb08bb574fecf311e136728811f53f4696283 SHA256: 1a4a9fb770a2aac8158ab3b863c2618337be450cc389693a4bdbcb3820d3225f SSDeep: 48:ZD4T2uzMxJuEpPiVGWLWx+X216KeBS70ym9AEZBb+11ttIbQOzXr/kz:ZU6ukJu1Lu+X2167S7fm9lSnHIbQWr/q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK | 8.28 KB |
MD5:
939f5e483b99f1d950c1af7d64c2ee61
SHA1: a5d960f7fcde6ef8e0691af983b0f8761a745e3f SHA256: a01540153f2895001dec437796a1e7086cf37af880dcfd10230773b15102bfdb SSDeep: 192:vcFy0rnut9b6rTC6IlABo9sa0zRC07KVpwPkp5IaS+djL+cSF9IoDU4:UFphMvsauGVm8p5IZaj6vF964 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK | 0.46 KB |
MD5:
74b1dd76b67464adcf5e839d8f9bac4e
SHA1: b1e0a3ab0e13d7504329ae90efa15569ee5347d9 SHA256: 7187ebe0df8e255d964921f0ec6f9703cfd1f25600b6dfa85cc6af5c3415eacf SSDeep: 12:c8jhkKx6ufyC169iv7twiTvL7shRzat91:rOq6e1gfi7L7uRAv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
0b58e672201877415e53a45c0af4e5b5
SHA1: fe7c8e6ebd9eb2660cf0549a023cd63edb1d6972 SHA256: e9adec0efbeb47065822523337c031bc60e1a7c16b93ff609d11c777018afa6e SSDeep: 96:mQbqYYRVdSIJ6mnx3YK3/aI5KmDWRoIYZ+9zRzWoNP5W27HDAgffB1abUPA7AiP:mqqZVdHJDnx3l3/pi17PwccgfZ1abNB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
648dee50c826b458787c577263837f74
SHA1: b16ed45419ab89023e4d852df40f8d27c529e924 SHA256: 05bdd6573f70f0ce18342d71473c0623ec27123d169ad34a1a9f72ad0f41429b SSDeep: 48:Z7KOOTaX/r/iL98CegLeFQNReuJBcAjyzHIVl/yieuv:QOO8/Em5AeFYReecjHCeuv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK | 0.44 KB |
MD5:
fb505abe88344d21ffafa9303772837b
SHA1: c8d88ba934dced5a18a4d7eb3b569fd2ebd73d61 SHA256: afc3a5e3efd138967743381b0e6f6b6e235dd1c28c514aa8ec68fb09d3a05c7c SSDeep: 12:Pe6cta7tVtICTeknwgDYgyNbmkleuy06gGVxYn:PeLa77SHknwgkWz0jGVxY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK | 2.64 KB |
MD5:
9de2b061032d3a1e9e3d18f22d7457b9
SHA1: e4590b393a962f5ea1f12b2df7589891fc6c945d SHA256: dbe74a24ea05cf2382d399ff4a1e40c6e922ccf320910aa2ac98c177dfd7efe7 SSDeep: 48:RbqrJ8yaRlDSSCFRQ/u04Bq/ce/l7KP3+zwlU4ArtMjNVxBEnGKUn/qgX7nYn6bQ:Rbqr+bItq5lGPOzwljfrBE6y+yD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK | 0.41 KB |
MD5:
79df0dc76b1d7483be90a72367373113
SHA1: 0433c0bbfed1fe61ed09b41b518c96c948696cfc SHA256: 1f5fda8f45b17817c46fc636f13404bf9cce7763585b3beae51e4d1db134f698 SSDeep: 12:4CrquXyiJnrHjVBFtw/DAAk0mBihh8oRd93DQ:4qXfJnjxBP2JuvoRfU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK | 0.41 KB |
MD5:
cb86281727ea3943a558084b19f55123
SHA1: c0c21cc7662337b283862a09b3b37bb2dc598e90 SHA256: aba72fe58aa17accaa77bd9dbef02c880c23dd580e52ab91d06a15e13d5e0704 SSDeep: 6:+7gXCdlLuuJF5/0dADs+GdRszKlhCL6wHMZDfwgFq3xviwMXdYEWt1COY65c:Q1Lpf/VDqdrlhluMlwGwWd5W+OYX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 784.33 KB |
MD5:
90a2e4498f6135d4babfe250358578da
SHA1: 47fc80a76370b3071d4049b655c3bcb4eea6842a SHA256: 5d3567d7e8939ea60b3e5ca5f5f2d44356d24ba4b2c4545d391ffdb78311f9b1 SSDeep: 24576:qrofIkcxN3mW8bMVf/pGjW2BxybQyvHd2QbT5T:qMQ33mW8bM1/wq2B8LxNT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK | 0.41 KB |
MD5:
4c990e65ee2cd50f38c36f62c3751eec
SHA1: 578d595a782ab93a29b964ab645cef29aee90c5f SHA256: 2548b0c34e6a1eca11d1bb6a1746045bc6c9c31ec6f7e595268f7bc534573b0b SSDeep: 12:b1rY+uH2DnPliAOnONizytJQG39HdthXKl8Bo2V:bRI2DPl1rJn9HhXKKu2V |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK | 0.41 KB |
MD5:
285b49375336c31e3b10b8cc7522b7f7
SHA1: e9846fdeef152bc41c99bcb08212b9379ca5fa7c SHA256: 2d5ab8ad7e06796dee978ed0bd04c4e4de8ae32d837f44abe71de48cb5386b01 SSDeep: 6:JvmlPTkqpgiXGTdc/0bca6CizNwSxVcvZOW8BRTfFIcd707ixctcqtf/U5WB11bA:klLpZXEdccYRbpNDeZOl3ICCv/GWBmUi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK | 0.41 KB |
MD5:
bf9ca786b74ef58a3ad2634e846753b2
SHA1: 8554cbde6c0141a9afa5d9eb7cfd967dbf689c2d SHA256: 780950cfd48e0eef042f6e145b1c0133f2d6c7d80710b8b5c7b83ef0f650a4c4 SSDeep: 6:47hEJKgmO04l4CEli8tpXDtiTOEWV7FiZHoQgPLoWcKKhcBBjKjNqtjtgAYDgq2o:VJl50YQPtpTt8PWCeFLoKKWB/jMhHL9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK | 0.41 KB |
MD5:
6b3817a926f64c8492855624a29a004e
SHA1: e9c7a2d88e305bb59d5ed79a88d72bd8a239fcd6 SHA256: 1b03b2fcc46b2b4213e714f59fcb641419bc35772ee271e32f4e963fbe1b12ef SSDeep: 12:G3MS2Gx3gpx9sAmtc6+Icea8LneRKc7We6lkNvyS79VeDkd:G3MS2GxQFsXO6Ike4tlkNvyS7LeI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
52165d4f97524bc73bab34f69e5f0130
SHA1: 0f483d6d9a0c0aa86b6e64a4b9be7fdf8f948644 SHA256: ebd00ac3f49456ce37f99d75aaa8e74951ea1d32eab4e44b13ed7caf68c07b33 SSDeep: 96:4vzAXkOWyiHd9QPrmCom6KgNeqRx6FTYRMmd5l7x/ziFGa8sPQmlvNKZOyQC/Q:iQ9yOrEXeqRx6FYXl7x/+FVhokEOG4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK | 0.41 KB |
MD5:
154dec0b3fda6ff6e080e361779f9418
SHA1: 00787022c0c3123160275a73e646c9866136feba SHA256: 6db5a2c81b36329e7684602c052f335d46d6ee6d076de16039a788f031cf9d97 SSDeep: 12:Qu9Ug8/hxQ2wptwIjIFio24neXnzAEEv2/:V9UtzBiycIFioPeUE+2/ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK | 2.39 KB |
MD5:
4bdc3598145ec973e4db8215601a6370
SHA1: 6e3ed67dbf72b0b9ccb0950fb530c9b4362c5292 SHA256: b4f2eba0706bcc5fc0f2644e62cb28953f38e7bd8a2d63b1447aa647750f7963 SSDeep: 48:fXg9Bd4oAEJW5Tks96zOvKdz9pHPhhkMH3aCmpDxWp9T0QVi8E4Xc:fXMd4wJW5bKHPhhkMHKCmBxWP0SE4s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 16.28 KB |
MD5:
12a3a8468899ae4fb1ff2886c32f7138
SHA1: f41bdbbca2d8358fd9ee3949deea1c6486cf6a38 SHA256: 21402673b864602d8cd36b27898cd69cefb37962b3d1277cf1009824820de193 SSDeep: 384:2TYblOeyap3oVA3HW+LG9EEO8O9Zb8WuG27PrMNy/tL:7lJxNoyWmGUbVuZ7wMtL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK | 0.44 KB |
MD5:
9af8836eb2cbe793fbe2d7fc9eca4a40
SHA1: 6ab266485e1278c23b9cba548bcea91878f5214d SHA256: 31774574d99851c4973356d102de9a7158c074d047dd569fe1bd738c4a521596 SSDeep: 6:sypUucT0zZbOjT0bhLVl8W3ooGTmv4mCki+rWTxeAunb6yaklWHeULOEQ+eIn:n3HzZbMyFLoohvSk6cAWb6yakY+UjL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK | 0.41 KB |
MD5:
b6fac1c69937387bab7ba1006e98e029
SHA1: 9da4d1918aa42cbe0f4cf3a0b91a732a28e053d6 SHA256: 1e19f6ac4217fef68d7c7f35a727fb20c337d03138052beedab26c784368a439 SSDeep: 12:YymV/qGve9UNTE9Vwmh6I02ur7W5G3wEvJHB:YHV/qh2u9VJP0/rS5ewEb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
6f45a70523a04b4a4b0fae69bf99c8dd
SHA1: 5128ff3caba5ca6ce777d522b5a44db9d28a65cf SHA256: ae6dc037c24031db07056f7185bf3208c8cc755368028d1315a6daa41be320ca SSDeep: 96:4yBEgu6YUE2rqrIFF4Dijqwo/LNxr9kIvRE1tTmK5qFg:V8OiYuWDo/5xJksRGtT5L |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
d710bcc0c380a7006a7a972df300c940
SHA1: 31c944a9ed8bb9d8372402e35008a47bd6b613c8 SHA256: 77d00168f976eb2c11a21f62226789e5431995c9efb4820d15b4dc12c2d6a639 SSDeep: 12:kPBZg2ILGwLR79AF4w18GLAoQh7glJ2fCJES5ud1HihfJKOOM+2bP:WBWDFKpPQ9K2fCWPrCjKOPrbP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
f0897a7a54fd3affd7b66f91090050c4
SHA1: ccfabd1d77f7f51849c8280441cb7a0186562f22 SHA256: dffd7959987fc6c4e3afeff219bcd5b518fd468d5cbb1d90b4e6cef4e8f4d9db SSDeep: 48:IypcGBz9HECDsQTLW8NxpnngRlWMRv6sRrCPRb9dBnaHHX/G:ouZkCDsQ/x1GisRrCp5neHe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK | 0.71 KB |
MD5:
d2ad0fb44819d965da98b741894dbc9f
SHA1: e0846919cfc513771a51a7771e4797b2e950f351 SHA256: 8f4ef08ff5ede81c56e574565df1a225caeb0903da7753b522d4da6ab7a1c857 SSDeep: 12:Cpzjs2lN41e+3pwFy7OzfV8iZ6kXo4AUOXDYZA4x5ivsgXE1kiJBEY:sns2lN4/Ox8iR4jU1+vsgX0TJBt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK | 0.30 KB |
MD5:
d5f76ec42c89319670e43df91477467c
SHA1: 0ca62bbdfd1a5d8a9dabc3b6a62fc6d9a6a50bf5 SHA256: 13556e3e718a993d78f75149e44fb0d9b49c9a100874b2d594a01d427a11dc14 SSDeep: 6:j83dO5VZluhpSezQjyuDoXhs8jVHW2JsIlCRw8q7rA19HXL1n:o3dOvZlunQjyuD8sUwzIYrIrA1lJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK | 0.41 KB |
MD5:
b386af410192b88af513ae8b485270a7
SHA1: 5a72ba2b5682ef3e390d7bd1851e18e29a46d49f SHA256: 3dedf987e02209e45a0d23f926998adf37d1bb3766b6ff2f9e38fafc46d2bcd0 SSDeep: 12:4O7is7G4CCigJrMOnIYVENFbGUXcjhkZtFrmBS6j:DBG4BiaQNRXcjyRyBj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
8bf58f675186a3d01cd87096e02d2904
SHA1: 6e479f7a85b86603fdb6dda90220e5bef3274e4b SHA256: c1bde4767cbb559ff635a13fbda741a2d84073cb6e72b11dd7a689c64daf4429 SSDeep: 12:P8iVDd4InUgb/QRmNFZfcVPapv8te5RIkRQK3g4iAlmMafQ8o3aG:NVDaq4mzZIiHRrhpBl31 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK | 0.41 KB |
MD5:
7629a12eef49800a328e619448e1fe07
SHA1: cb657c65e6c9ca07cf539b3f135b6b44d24cc7f8 SHA256: 770f02ef462c58e8c1fbac9be2dfa70043f9ed04bf388e2b05a99495d68fa727 SSDeep: 12:nDDEs7oqV2mz35ztsocrMAHmVP2JzjP7tEv:nDDEoZj5irtHx9tEv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.27 KB |
MD5:
d9a3776691ef46f21fa9e978105c6e9b
SHA1: d3d01c188811334cd6c1a5e610e71fe5bd5e037b SHA256: 8e1ef41d2047db0fe8d0d85b38ba6d6ca516ea1284e20c1ec4373cff42cfd6c1 SSDeep: 24:T7KdZCwBK2aUQMicwiutSnO3fqljgy/7zGbVJw/A7XU6mGn9:iXCwESQMhwiKSSyPGbV2JE9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.42 KB |
MD5:
10e25a547f7b3cabb4164258d60a1c23
SHA1: b7f99d0b01e078a6a1ef2482dd84edc12786f637 SHA256: 5993f204ee9c29edf264ff80a81d76a6602305a7cc2ceede45a177d64229f839 SSDeep: 48:hWEjaOladIbu4dTTz3X8mPYxfmRVa57bgLtW7G6vwmXHxT8fSs6:hWE7cdSuoLn8VuR0T7GFmhT8S |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK | 0.41 KB |
MD5:
ecc3604008f93b30130c986cb447e7f7
SHA1: 5e2da6f95873cf812264ca8dbe796660adee7440 SHA256: 76aa3120b15a65910d35226ca19d16ac52597748493accb106a47c74b372fc11 SSDeep: 12:wCQT/5Hwqa3JwZ69kSWM7HEbRGmacAPT4UPNd0mXzdeyAw:wHTBHf6JwA+M4b9A7PNdJeBw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
a0ae83d0475f6aacfbe71322e94ab9b4
SHA1: 0974b5d847a3423d1b59c6b126c108fa9e3f40a6 SHA256: 72727a49a0e782d716d9bf7130b9072532488a5a81f03c7c8f7db85eb6c577a0 SSDeep: 48:Iqd8pz/VHIvoPF5rkiWX4TSDRKfqI1gEnNCrHpYyIb:MHIvqF5w3ITyKN19Nipfc |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
702aef55d4213f91cc1c01432223f600
SHA1: 966746a354830a2b728eb006130e2555b9868a9f SHA256: d74ec45c0cc70afc3a274682972e41f8e86161fc6294cba467f1b7ec7bbfa365 SSDeep: 768:qe6gt6WFO4F9Nm1YCUvnuYDf4ov4ZsTwkhD1R6dTSXUczJE7U3CPljfXcawWLaQ6:qexPt0kvnBfUsEo27U3gj/cRQXQhmjU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
0451cd8e5ad3e3ce7cd51607ba0b2edb
SHA1: 15abdd04867894e5ad06f94c483d8c82e582ebd6 SHA256: 389b55b662032427e0be1b02fe15360fa16b7ee85cdd5362fd3d9c3318c23e61 SSDeep: 48:aU3il2X76oEUl0cWqu45QDZ+7yJMlXWh1frSJ1zgsBqutluQ4:aU3i4mTLq9+Z+BlXWh1fszgyluQ4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
9bd5df84207eb6c41650ed6da87b4a3a
SHA1: a0f8d78bf5e889bafe75126c0486695b0ce018f3 SHA256: c01616bd776e84c888e1eb55b0e7d15b566193d91f7d61ba0896370b495c77fe SSDeep: 12:Vgz3EO36ZNc20PR1yVl9P3FTc7cKMsi+YZi2ZY9S/8/Jn:Kztqo22R1yV3vZUMsinE68x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK | 0.41 KB |
MD5:
80cb14e8a1a2b23893be7dff600837fb
SHA1: 2850bb19aeb721f46f7ae97f9c3ac5a944471e26 SHA256: 412f526da238dca1b6ff322da07b5acccb3c44aae3ae60e1ecc211b95a7fdd12 SSDeep: 6:rJEBtItuK9zhvqlD20h7kdJTWvso7+dttfmU9Upw14od9LEn/eCpTKC9MEU49UfM:ksuK9FCdWdJTzo7wtttBVE2YB4f3AD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
43857b91f40a580765dba15b43a24993
SHA1: 54ddb105e05d3f2173bd3f483c356edaf1ce5e6b SHA256: c760b60ec2cc1814193f3fa77dbeb6786d64fb9b0caacde16379f079a4f93bdf SSDeep: 12:w512u2OXqCpHrdo1rRjXUm4nhvju/dc+2NXSpgkcZLyjWjLBp:wZXqIdMVL1Mhvju/G+2N6JcmWjlp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK | 0.41 KB |
MD5:
35a19702037a706566f310a887b43c25
SHA1: 5dd6cf95941ef2a6e3f99d57d43fcaa15d5f5ef7 SHA256: 3b229e6a98e6c411a63de597896f58d5e969c63f6d5e40cd27ca8ea6c96c67b4 SSDeep: 12:Nb73AzlEK5piQeNnAt/awgtIt7c4gwae6cx:RAze2gNAN1gtIaFw5x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK | 0.41 KB |
MD5:
b3f85e51c8a34634a008fe6dfc9c5914
SHA1: 51e418fe13e612516c19a874a8d7af9c732f19e0 SHA256: 6f3d87f86129aa5ffb1f0acd475c549593fc5183ac18093960dc13a211be8179 SSDeep: 6:5Z6+GCyLiBYAn/mTkla7ReueoEbmLupt1mwEfO9yBBtIctzxt9oMpyu4vBjJn:H6+GxiBFviReVaLmZIBBBtIcNxfX4v7n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 16.28 KB |
MD5:
3dc217c394623f6347c4cc2d1c04461b
SHA1: ca1f61e3fcdecf8e4da8dd1c00a961c166e850d8 SHA256: 943cbce40b8b5de4fb4cf40f17559fbe67e9749ce5ac494ade32194fbfd3a8f2 SSDeep: 384:PblSCnyjLOTxgMObnlqyeWUU1tHSrTbNqgz6dey:DnSsxgMOblqyjiAgu3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
af9e225f5c805ece5624412234903d0c
SHA1: 8a68be8c3106c088d9f7a1daf3da956a7df73ee4 SHA256: 7eefc929c7a5a291eeabbeec58c666f2a7045e6fa2f9adf337d745123a9343e7 SSDeep: 12:QvA4glM8zY78vKc3EQcDdUNFDShSQ9dKKhhjc4Q2kHjEZzPGB5QhM2IYVGgj+ojG:QYtlMUY6Kc86Dc/9dKKzrpawPs2IYra5 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
bf3e8cf77d7e4c61c060a656634bb1d3
SHA1: b89cad86cf0d7062c9bfcbfcc5c97eba63363bc4 SHA256: fb3ea50e58762538170de2cbaf4cbc808572b8230c8ca92325238fdcc229798e SSDeep: 192:LQ94zj7t3Y5zZqu/3kkE8LWo5PUyPq5FQA5nVWpqhX:Cw/t3QkkEyCbQ2x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK | 0.41 KB |
MD5:
b3336d741499b7751de89c91a3945822
SHA1: a1c4d3fee482dfae56bb5e3db160eada6b438360 SHA256: 6ed2ded9b8d9d55699347d7e5e2e8e2cbb5c122693410ebc0a59ad7ba7853fd5 SSDeep: 6:MyDrub98iS0pwKr+/46PDYgPZxv6G7A6mPRp8p7nHvrOsAk1smebTT00/kOawQt9:ju58iNdcYgPZxvlARp6p7nDDA4evAcJ8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK | 0.39 KB |
MD5:
a37e1f85525fc3dcb18ab17629e31b90
SHA1: 85c2f813d70e841fb3fd4b7a3e205e93843944a3 SHA256: 7e006f2a421f14ae365e707accffb2eb3f895f56be1ea8ea43a6759be2ed4cc8 SSDeep: 12:KJx0Bbc4f3fqJ5/uksyn9XxeeYDSdhZV9zl:SxKiJlJ9XMPD2D7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK | 0.41 KB |
MD5:
582b5373e9adc3d3e6890b204266f7bb
SHA1: 880bab8d42c6fa2484a596e2bc7994292e55b2e9 SHA256: 930e144147c4519f5b42bc97aac98bc6859eb95c7e9753382310b68059f2d786 SSDeep: 6:sL0ILjcm0t77Yl8pQPLIuc8xA42AqJXVTsZypheD2dlZuAqnwYJmP3O:sgIXr0t78gQPLICqQqNVTJluAqnwM8O |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
685ae223a9d670a6e06a26b3dafbc8cb
SHA1: a6aa2fe1b5dcf4511f636b97c1a5a21cc5b8a583 SHA256: d5257ab4158b4e0aac4ef185406ad52792a498bfb4ef4917d05101a25769c46e SSDeep: 48:8TzdGgdIRKhocOb48k7Y/lPIoZJLnQsrvQzYbfsilamI7ekKzEJ+3ypLZAJmX8uY:UrFgOwZZVnQ8vVfsiUdqUJEeK2P57yt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
8f0bd2751d8888a0c3091cd76b37546d
SHA1: 27ac87845d4737571358c527cda3fcf774f96b92 SHA256: 95362dc49e96d0c6d1acc12c5f1b3ec48f08460c0c268726d95176ad7f473b21 SSDeep: 6:ezw9Cd3SYL6/KQtv8POKK2NCVfwF3I+/aapmT9vR17v6XLENd8j7wVRYl27Bgzx4:eCCEYotvSRooF3JCOmT9vTpk7vxETv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
e1ed4fb520fa9410fc3c8efca74265ec
SHA1: 1c1a877cbb077f6b92c0f0d01c4eea2a8aeecf08 SHA256: e0f78f776e1b4de63537b1dd2798b900d054db03b45a71349818e42daa4fc852 SSDeep: 48:fBH1NaYMppJLkuFXTsFUB2y9g/rew5atT2EFLh8j8s8uZcKq6bh7Vwom:5VsYPu5Tkgt+DeGatTnFhI8s3ll7Vrm |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 16.28 KB |
MD5:
0b6a2c3f4092cb37d838c5523bfbbc47
SHA1: 4cd2dd6b349dc67ddf2f828baa6e07f84e574cf5 SHA256: 9d669000dc09e385f6efc78f65dad4a51abbaa03f215790dfb8a31ed7bb029c0 SSDeep: 384:LT+zVa9px+mMoIEjXjQgnlnEJr27KDAj2JSZHpTEokQKM7x:Sa9fsHEjXjznZi27KMKQpkA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
c824da5e042f3957d7ab654663bf11bc
SHA1: ce15d10dff28236f795e6e9af5ec5a1aade2a12c SHA256: 19a055c97665e55aebb8d941939cb8f69f66050180ceaf7efff20d699d8273b8 SSDeep: 48:RuazFyYXXJUW3zn9anYIxL0L/LhIUjNAnVSxBG9YoAJem25:RBzFyiOWEYVWTVSO9YoAwm25 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 16.28 KB |
MD5:
d2d38885dd49b2b6f642e87064b7fde2
SHA1: 26ec60a3a6ea4aa47dcb5b06180c57ba666940c1 SHA256: 1758238f8144547d64112295f0cef1d5fd8cbd83fe637c889abdb2a0bf1efd2c SSDeep: 384:JBqCk77o2+F1orwu4gbMBeQ+zVbsc6Axyf:Jy7o2S/bBZyVn6A6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
ec6bdcdf00230fc91f34cbc500a50be5
SHA1: ffd0a3348c159606ce8f5cd7e6e236e2b14abd4e SHA256: 4ce5ae7bdc6692b854dbe0aab69650da1f1e0d1fbfab3c7c4e94432a54310da7 SSDeep: 48:UXYQswMypu9Ksnikh4Yl9TSgc9tEg8XqclyAqh9NrKPuoZG+/Q:Uhhzpu9Ksik+OTSgc9t8aEBqh9NrKPu7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
81fabab16451653a28ebef487db022a2
SHA1: bb820caecaa3c39f6e68ed754e86895370337b42 SHA256: 9d334b7737a39a370db1c87ccbee2fdbb24770320f3fe5cb6ab4436c4bcdd841 SSDeep: 48:tiHTazf4lGiD4Ox23bqOPZJQz5SH+MIN7Sb85s+IYd:OGzf4siD4Ox2zPZJc5H24f9 |
|
|
| C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK | 10.00 MB |
MD5:
83f9060c4e4f5a09e21fd91393da6d21
SHA1: 052b35ea11fe33b6dc01b8447dcf9fe139b66b18 SHA256: 148774551c19317a2c577572ce16d8ba8723d8780750f7718c0d9e73124ba216 SSDeep: 196608:F6aPNdKAVKIQtgzY9EyjVx2YxWCqoM4ffR/uRVr8E7ejFul:FRjKAVqtgzY9dWTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 16.28 KB |
MD5:
0f2f7d3974fa9c24e7870bf7740b22c3
SHA1: 1fa5bf95d8050d8790c36e1205dcb972a06d9ce2 SHA256: 0cf59335bae48f528d795d1c0c49e600214c4ec5aba7be76befa30f58b1fd124 SSDeep: 384:Xq00gJbVRG1JO3p/DKQWz1kq+b/3nszn3FlDzQH9fvr:XL0glVRGP20+b3sznQH9fvr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
a451dc4df9d263df1d01a3f5551599a0
SHA1: 7bc83ef2a6c74eaacfa38c146a278234dce9d2f7 SHA256: 6c1cf2e05de0a94c29e84ed5a8414c93ccbc163c1eafd90a14e6ae1b433de3c7 SSDeep: 48:aa71Sq5iP9QPchgrXHIS5UfxNniv0sgQKOCzD1evcrTfyTFP:dl2wHrXoSoxkvv5CzsEnyTt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
777316fc48e1857257e66ecf6715262f
SHA1: c082d854b8bd43ce1c379dee2979ad0ccecc7ca0 SHA256: 668020e005935cba1e277a0242df8ab34fd742fef50676dd14fb3d25454e137c SSDeep: 24:B44AqzxaQ7gconPQc/dczojk/RcUHHsIGCFIAL3IuFT9ppZo8IF3DpClyv41B23K:B4vqFaagco//drA/RcecCTrIuFT9jZoo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK | 0.41 KB |
MD5:
42ce4be818377bd65e970f4749562abc
SHA1: 028c68a48795066f6a0ec0a86f97db1950b97c2e SHA256: ad538458497141aa1a4f13e47742d4bc870eb7223e61c01db66d56a23be6cecd SSDeep: 6:8eIPxsSkopot4EV6FffSsrOFl6ZAWTXUKNNsKJ15+dOiuD3C0UX1Kns6lSx:uJzXGPLsS2AWrUI+KJ7+dODO0UlKs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK | 0.41 KB |
MD5:
53c971c11a197483cf3e854f5578b030
SHA1: b66341b360c29e02535890c7c003d7c947975396 SHA256: c1dec170ca8681be4ba886f42d5719e79eea8811dd2b24e60522dbe99ff418bb SSDeep: 12:eYERfNWkyVjhJ1A02CXkDnHHKDhgXR6LJHinjYk:eYERfhOjhTn2GMnb69HwL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK | 0.41 KB |
MD5:
6cf57aa8093cb78a9c0dbd1cef4a5b87
SHA1: 081d2e9544e4305341f9d4da9b647f9992ddbcde SHA256: fd1ed3b5864a53e645b96d14cafe618d9a9b24b13358531104ac6159932d4e6a SSDeep: 12:UdntU68Xub9WWZclUDszAoeUgIBFUPbw9Wcq:untj8XO9DZ8yvUgpbwsf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 4.28 KB |
MD5:
495fc4c3037e26ac0b8d748bf4053f73
SHA1: afe563ba6e23bf69c9000669c10e15d51ea43ece SHA256: 20e2f95b3bf91acd2209a9db6d6b450ca90989130189c9d2753c1911fdc33b4d SSDeep: 96:VKRBDOg8xmyx11EcWCtiOsrh4nclTraSV2BNGZTjRHg1/Ep3W:ARBD38x9j6VCwbuERxg1/E9W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK | 0.36 KB |
MD5:
65deaec14db12ceae117df46bd445d57
SHA1: a85a8df49b09a729a22a3754b016f63bbdf95dc6 SHA256: f29c68a4ba02189535302cf2dfe4c476d1afbd671d8361ebcff5e2933233cdfc SSDeep: 6:AJlQ822C1pA3VOEPSGbgd8U1AkJBcnTndgrGyydSnFx0hYhTOBZ7Dhk0iZ/RaO4V:AJW2apIVOMbgd8U1jCnTnSGybnYihuZV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 16.28 KB |
MD5:
5ba99386d83aa5d5d1421e09d94cfdf1
SHA1: 6e1444ac8c5611957809dce09d962b9d45790433 SHA256: 5124c4fb80afd1540243c8a8d7d032e97d74f4fd051d5c21d5be89b2e7f58c50 SSDeep: 384:JT5D4BNKlm6UdARaBJr0MHBDBl4xfdBYPVjI03:JtDUNKlVUdMaJNBl4xKl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
818524c9fb868422fa0d98f7b64df9ad
SHA1: 02d9737253c2690c6cfbfa2260f46be87ac27b99 SHA256: 2551ad99f1ed5216f8e3504c61e7f01d32212540cd044943e6a92722f64df1d0 SSDeep: 6:oTf5bRLroP2967ObbqKYwbvYK/QFpByop2eH+5rEvc+nF1ZEVfMAu4THdxCCL0IW:oTBFoipyDd2eetE0GF1ZE64THd8CLNur |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK | 2.63 KB |
MD5:
937b5b75555746e39e86c81437453305
SHA1: 7e57f216ff4b59727fd4e9ae17dc2ac48987096d SHA256: 26e05e88d52a09fc59ab8ec57738fed9a10cd9f147a60910b45e8dc16986ccd8 SSDeep: 48:H72NomybBAnFzPAW7BjwRHxoiUP7BXjnCWcR74MHed4PI:Hi5LAYoHu5PVznCF74MeWg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK | 0.41 KB |
MD5:
8bc6de009595a0abff15f2a63108ce19
SHA1: af87ec7fd4fb5d861e09c260ca13374c27d7cb45 SHA256: f02bcb736dacce3c1f52b3493380af928accf57d76a5c13e075806c946adcd04 SSDeep: 12:RFPDDtkCMxMuTLVrWI3sSy9E71MtWYLIXrWgNbqDS+Yr:RFPD2K7IcSOE71MtvLIyqr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
5fbfd9e6ca52babebdfb56e31006c0b7
SHA1: b89c577fb58071e4d6aee00e313f61cf3422bcfe SHA256: b0ec7cf45ed8c4ce236aea20e6fd4f3148bb31f5b458d0d95ac9b6c5a2196387 SSDeep: 24:lCPatxHXWn3O81QOfouUtdljiyewUYTZBD4nA59sakuuH7aSYcwZtEa9M7hlB87+:ESDn81QtRlepu0nu9ssIYcsO7PG0h |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK | 0.41 KB |
MD5:
8401d089bc4389826078003313733efc
SHA1: 1dea16b945f601e762a19adaa6b6d9c338b16df2 SHA256: 748dd14bc0a0db9fbe472450ebc7f16fdb37e4e52f62bfdfdbf4990002ce25e6 SSDeep: 12:m/y5Wv1Q9gaWvGKWQXdjQju42if47zlqJqbN+dO07l7e:rWv75GiXCjZ2D70JuwTy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
bc0c16eebdbd42680a61f3b726842724
SHA1: ab026ecd252d5733daa60863a1cb4cad597e3e8e SHA256: c0c4436b6f328426f8cd1098898f37cf0888f371608f932a245c8a7350693bd4 SSDeep: 384:AFQGrD1PvZtJEYWjuRaDo67CjN09MfkCnQ1b/jK/i1h4Gxwt:Ad1vZtJr5RadY09A7QVh1h4GWt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK | 1.38 KB |
MD5:
28b0f6e23d60939b47109bc9e7aa46b0
SHA1: 2ee1d72b0a47d6a16770a20f2c30a0378a1facc7 SHA256: 93c14fe789473a8d445a3999cf59440e2662ea883388922c89173e9e2de3fe31 SSDeep: 24:572zM5zAgXp3IQeyxlkMOp9F9X39pNhnDt2nOfG+6BBeYq6Z8OzSknMCw:5yA5znXlIYkMW9FhtpNzDfGnnHpqOz9Q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK | 1.50 KB |
MD5:
3473528fd1fad87753436fe5fbfb5204
SHA1: 92e9670f52b6ee4708be28c73c65e50727727a7f SHA256: f9aa2fcc3216f862dd416eb61e232d7ab2323c9f9af5ca682c1551f82c9dc834 SSDeep: 24:P0au5Qdj256Iz0bI+6asjo4/lS5zEBdCKyIlQeFVT2GoZqkNRK7uWTiESrm:P0anj25Vw0+6aA/kEB5NFVTDQVWz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK | 2.67 KB |
MD5:
6c02d874ee7e2c1c82c283b62ae921b7
SHA1: 51aa72baccffaffb504c54760972912646475d08 SHA256: 55ce0399eb0312536948d194e18811e9780bd597b9229238967e81dbaa75ee0e SSDeep: 48:468N7BrHbnUfr4ey9568XL4CT7DG0Zz6Jr8+B6AYrR7GAP0MArSfg+uJbW:tw8r4eO88b4QGT8+B6NAZM2t8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK | 2.38 KB |
MD5:
1a7b99f7737e4eac1ea2575907760f1b
SHA1: 275e110d65b62f98e22daf3a9d6b0754030bd6b2 SHA256: 77afe45d9aad1fcf0dc1f1ec3b4d612a2308f3b242af4848d973f9c4b64e59e7 SSDeep: 48:BtGnQLvAijkjFznmXplByB1sRd5cgkfqLhEgNCpOsiU3/947V4NUo:BtGnQLYWIBmXrQsRfkZFMszV4hwUo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
041b1af554d37feba91cd96999254c1e
SHA1: 7941712d840bcce5a48e2a78e5b21c9f6f4d83e4 SHA256: 1732758e455ec764f9acf937a059c4025bbfbcdf1cf4bc45f3c96355c5bea1f6 SSDeep: 24:pDOfnt8l4L7HgcAwTy8ow7h61BuymmuVJkMcagRRqh1jxUVBX/m9UuMJr:pyVlL7HxAwTfNaIbPJo701jiVBumuMV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 16.28 KB |
MD5:
002c877d7a885646c29c5fe511bd2afa
SHA1: 602081fd56e01318bd73d85efbd3c109e60d83a4 SHA256: 437510eb5e735465d5fbb67059ed085b024f916dc3a607d8609f53922d776cd2 SSDeep: 384:4I76vCipxo7y5RZURlDdkyzc1KHCi44ysbzsxlQM4wlMHl3azP:4IWaipxIoZURdjzc1WAwbzaaHd8P |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
5a8dbf0cccdfb9cfba41ef35924eee57
SHA1: 884ab42b21353ed4de9e042e7de93c13456310a5 SHA256: 89948352961d83eb56f547b57c1005474f46d29f8e883426e922881884daed5f SSDeep: 48:iQUKMNPH+iOpxi8C2A88Hnq1EWBSgNNH7aLeuTIO4uS+qYegnc+wKzXD:VpYpmvCT8WUEwN0e1r+qYZz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.72 KB |
MD5:
310bce0096c8db67dce6ee89f5ec7777
SHA1: 910242fbda5faf497dc91803ca13d4599f50a82f SHA256: 441e5c75b5e30c676a4372183433593877ecd76b77b081031df6592823db8720 SSDeep: 12:RpqiU+GwlmXtYW65MoPtCQDgnA7EyzNgPxv/CSaR1y8qiueMCkIy8W:/qiAXtjolCWyFIRo7iueED8W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 16.28 KB |
MD5:
5d4e7f97c3f2ece11955f4a007926ecc
SHA1: 0fc61dbaf90ddc65fa0886425a0061e534b093a6 SHA256: d491146bfa79ebb60930aabf8d52bf53b50ceff894ccbfa769f58c54923e956f SSDeep: 384:RS6X/A5XJK7Mhd5RIPH3X02jKUQTClDQHBiBDd+zZEYLecsuL:Y5XJK7e5RIPXX0pClYBiv6EYLeG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 4.28 KB |
MD5:
9b74e943e151edee8676e2b9a1fb6eaf
SHA1: 27437eb933192cdc6eea4a05e9d6c5f75032a46e SHA256: 88b58da76dc07b07ac9c11e479353d569ca46fc59ba71592a2caf0942fde9f97 SSDeep: 96:Zc2Oh1m8rKTwbpu6z4DqE4Q4wSHuk6LNElr5/OIYJCYLGA:ZLOtrKTwbIqSqEgF56R6rMJCcGA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK | 0.41 KB |
MD5:
ff9a310b8bfc40bc3c994b5bf3d4b524
SHA1: 877b20b97310c482f8f2e3235c7ff28ea9619a9d SHA256: 56662159639641b3708f2589d22eb2a9f5964573dcb5038082e3c291a9cff978 SSDeep: 6:5laMXVZ8/qsujvYSsETNy3595DYzYj9Wi6/i7scf+nAosHjHlF1i09MlBDIop4H:KKvJlTNu5vYzO99TfoAjF0vTDIopS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
8c0e38b7694b1c186aac76f0c053af63
SHA1: 2e2b547d74fe1cacb6fe9174f3ef973a4b9acdf1 SHA256: e04319c67519ccb22bdaf674eaaa59ec31d3caed16ae06a00d537bd922a62683 SSDeep: 12:TpopMgqTaBsaEVGeG9vPXQ1jXYabeAOgRkiU5/SaDFWQKtvw74si+pX5+y2lF5d3:TOWdatEVm9Q1caOgRJUhFZ4aBwy2lF55 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
9a7d34692fe58732a1bc548ec0bad640
SHA1: c58b2d849e66b35ef96c66c486332cb7b776f600 SHA256: eb00e0f0badaca0d8a2073ac67581bd4a3d7e3c21d7093978b0619c8d68b293d SSDeep: 24:ILiUpsxcdji4TCOwatd/r1k0NgK+yjysIZjrobIVdM4PPJy3MyilckeDFRY3:ILiUpscdjfttFr0ymjrobWPkMyXDDF0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK | 0.36 KB |
MD5:
3e9e1897b4f8995a416526e97650be10
SHA1: 062ae347cd56691e3373efa06ed539ad5e5351e8 SHA256: 2a4e7d5cfae92db412153d87389be20a456538f4ffb1ade556574be1c56cb5b1 SSDeep: 6:3WXXQvKgnTDEtBZsdSy3knwGg5en+TTUXMeUeiFgqImCd2ujrt+qCrzzjeCE1PRq:Gn7IAdwGg5c78eUe6D1uCnmCb |
|
|
| c:\programdata\microsoft\windows\start menu\programs\word.lnk | 2.67 KB |
MD5:
4cf6a72182107d794f89af9fa109c7c9
SHA1: 88adb7f5a9bef403f5380139eadf5a59fae10b63 SHA256: 95f3c03b03088f3a39a57ffb768e5cc887d5862030efd7c0366e35826f7bf73e SSDeep: 48:e4yN0pYoD2j7EF2kcQgPyJBMKhwzGLNQY8iUUueDEhijGc2zzt7HbcAE+ggn:e4yN0DcEFNb9NrYPe4WxOt7wAE+gg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
04984e83317ff1a0f952a6191df95c73
SHA1: 7a4d2e5e3c6618519b206ea6ec1eec9d7f380e9f SHA256: feafb55bd96cbefe1553b77d24b52f0b3a55a3d6ad756f9a92d9384cb4921668 SSDeep: 48:VLzl2c0bNZ/dgT8dySBcaIDfBl69fDy0OX1xCfYJZ6j46A7CGfQXJADaTvZ7pl:VLzlB0f/dc8dygI9kJRi6jLAGWCQaTd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
77244fabdab452432b0c778287c15c51
SHA1: 2652a839aea263b790931bd1ed26e9d1d097a727 SHA256: e9c626502bf607bbaf3b1d486a7a9caab72a65bdf751b8359ff49c5aa80bbf02 SSDeep: 24:FcWxcHSbIkns1tgsRzkZZEaRdaQtEPsTh5dBBUSh6MS2+v2ueZF3Aj3VFQ3O6IBG:qGIbt1Rz0LdaQPT3fBUADS2+uue/AjVI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK | 1.60 KB |
MD5:
752fadca80c4b5034c3297bfbe480b82
SHA1: 5072e927f1f5cfa9a7b2dd21c516e4ee35e08d01 SHA256: d570c1ed7183392abbfcbedfce9a0c47ed0c2f23f7f33ad23a9ccd367aff9d31 SSDeep: 24:VCMtD+Gh/9fM9P2H7Nt116+Vl9eAko6fJLLfnPlPvrBbY8aiQhrUkfbMj:Vt+4M9ej119VuRJfNPlPvrhY7hrUGK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
6dbb87d962637a43a1018d5ea22582d3
SHA1: 581d3ea976b7dc785d49c8d02aeb7621f924889b SHA256: 0eb4d2b8dc482e5d84e1bffb57da396bacbc2225121ed69f7944c8fe34b706e5 SSDeep: 48:inVE1e6zkEW3hmqk0Rv4A+XKuaaxIlzEoR260EL+xA59LfKbnSwTFu6r+Cx1:yVt6fWRl4jXTZxIOoR260EuI1SGwTFZ5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK | 1.11 KB |
MD5:
72b12150b9e8e6d3f68ec10a822a76a5
SHA1: c92a511850977135aaf6c6e8b1439b3499337098 SHA256: 0839040ee541ea5133d46a629a6cfac2f76b30e6ccbb9a0f63be7ff3237fd855 SSDeep: 24:4Okf0kNSHGzIK/BE8Lle8bKAGHjGL2Kf76a1yUWKPU2uByfOM6rbQpoS:49TdXnTL2Kf76+tuByJ6gGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 16.28 KB |
MD5:
a280d8682c9d8a63897738a7459d9da0
SHA1: 4f1c33ca2ae59c0a06ae549ade411ccfc420c97a SHA256: ef79000f628c0ae436ee676ee510b4acbcf1f3feb2816482c460bb767c353a31 SSDeep: 384:ohkFTkJcGugA5FX/ZAlI1amE5B0JArN0/140BSpp2+S:gigA7ZAXaJACd6p2+S |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 16.28 KB |
MD5:
49d4aed20bdad3e1028d5f6e047a1056
SHA1: f730330066343b5af33cf1cfa45978e542d695ba SHA256: 87ee8970b8462eefbad63a6b63cb4f8c89fe79f611ff5b3699545a7ab1c94d19 SSDeep: 384:mneKtbCcgTG7Zxxb/4j3ldXGPiAjR92eD9jw7BHBPd1:mvtGcgTGNjbQsi4F6d1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 16.28 KB |
MD5:
8e354e9989db795649f74f1040522d04
SHA1: d81dc841f5ba47bdf3e968aa307ff89625479616 SHA256: f66d6b90fdcd86186aa9431e0915f963f01c5488f59808b2ca4b78c21f7e8c7f SSDeep: 384:ESkSc0ixfArEhmthYuHbgEOImGHq+7HI25/5kCiHpXVlHIv:XVc08Ey2YuHbgE5vh7yCypXVlHw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK | 0.41 KB |
MD5:
2626fd1be39722c62f29157edb9a19a6
SHA1: ff01374de5f1ce41962443c61e538dbe10e73773 SHA256: fa6f044f4c6e6fc6133693ecffa77c472d13a411f7ce7224ed4527427d4bc571 SSDeep: 12:ItIBKeZl6bumGA/KzRaJHoon9zTiLU1XUIt6:hYeZl6bV/wRaL9zTiL+XUIY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK | 1.36 KB |
MD5:
99ffdf7d8f38dc8ad9d8b39477071bba
SHA1: d7f88b0b934be2b2dc66a48faefeb99bc52fcfc2 SHA256: 598dc49d018530561347fb87b456b7cbdcacd66c01c37251d17e16986ca1c623 SSDeep: 24:wJbKOyWR2jgVGEuL1TqZB+4Tz7QYZrb38E2qA0qIfmgHphfWUbieVZ3+vCv:wp1duBuZk43jZP1JHphfWU+0Z3j |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
9f4d5cda1dcf4791919c1b081fc4e68c
SHA1: 286d788f69aba17a11ae9009bd1e60196c01ac9b SHA256: 858d55d383c8f3112fa54f77255a777440d50aabca4471638077ab65cbcdbf06 SSDeep: 192:Rbl0i3wdYlwmQ9Tyv4pc4ODYYvNLxQ36AfT4U6MvKnXDzjz7mUjxs/5CnlTl5N2b:RSi3wdswDE4po9u6wZFinXnjzXH2/QW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 0.71 KB |
MD5:
b00ec100de27322f824250102f19ac63
SHA1: a7c91356f45440b332bfbc74a8bcc761a8cbe434 SHA256: 8f5a127cf495511bcd1936f426704ce1a8a64a38dd914e907616f7e9742e14d7 SSDeep: 12:wM+2L0WgDS2BuCPwD4Z/nnvzxcE+aQCGs68twkfdtDlcAdiG288I6wTF9I2IsX3A:wM+YguJynntpbGKSQciiTkPFWs4b |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.69 KB |
MD5:
8e6ef7c7bb987eb4eb3c56526da48406
SHA1: 40693d36241cc03755f4c94d5739383f1ff95d2c SHA256: 642b93b5009f88c22edc925e94bb5189118a5974a6d4c95f80669f6bc100892d SSDeep: 48:BPttb8KzS9JMjggty607Gq/J5B+rgikzUFKglTe+AlJsm:+KEdgtlmPJPkn/Kqml2m |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK | 0.36 KB |
MD5:
1ed18e9f8bc73d62cff87e08c995d1fd
SHA1: 9009aff9b1f3d73fa62dec7e65c272296c66a37e SHA256: c6a0ffd8869fef9285ab74c50d41167ed2236dd23a598d8815ef96841b7da862 SSDeep: 6:exE7WKutA99DWpBu8uiTSK6RoX2v8RuZC5tP7qyo6kNUgm4LXFkTtRBFaGhnhVM:nZutA99ys8uiT16RajRgCbPuynkNUf49 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK | 0.41 KB |
MD5:
7b76b6d74bf8004f43036789597f5c44
SHA1: c9d9d792a550a32ef135efefbf586b5aa8d4d892 SHA256: 310053a94885a92b95610934e97a52b3d533e5326c602a10fe94b54dcb5a34c3 SSDeep: 6:UE1oHit0AJ0BGU0HjRa0+8412JZWBCjsDaGyAqPKkk7T4Ey06seR7n:UtHGXjc0W12TWBCjoaGZWkEsan |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
be9665e4d942e2f71ee29b5d6129b66e
SHA1: f18120e0989309a44f098d8927f633ba4250b77c SHA256: 09c2ee369fa7ba313d1b2fe0a5d841cdd423b90afece23b411a46fa4241ed786 SSDeep: 192:xgGMWjiMiD5hbBvi7ey83cqdWa9OfEVZc8QGu1azt0abxFfNm4/ULl:x2WjLZ7eyBna9aEVZc8Hu100aj/ULl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK | 0.41 KB |
MD5:
897f61d6e8b523178e80232a582b6fe6
SHA1: eb8e1c28af3cbee7e8f5c14d206f2d647e00ab9e SHA256: 08c7b9b569c25bd8ab57bf1a9daa7433ea89b735c10ff60377e3c2b54602e073 SSDeep: 6:naOcTFQslQQ5WW8U264WzV01PtBgWwGBIIunK8tKENij3+MM/rRRH8ea/89wf:aOQ6slmW92PtWVIunK4mN4eEE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
43f5265250440d298f772d227a6cbbca
SHA1: 6f4905c1cfc9bff87c0b58e4b223ce9668dbdc3f SHA256: 1f6677f165ed45d3d52bde62b1c27a78c15b8c84221e9ba02c83cff39bc5be5d SSDeep: 12:rQAeLNI+GvuWapp8uSuurXcd0GDFV2GGfTtYwH4:rbaK+XFS9lGJ3ETv4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK | 1.83 KB |
MD5:
5a0bc7f25bba1d8b3e1efbc2bcdc0b30
SHA1: f27382371836fe9d7e34a2b63188cd084396979d SHA256: 942f2a8e4632dd3ec53938288a33d8bad5b874711a72f7fb01ca42c28b3fa2a0 SSDeep: 48:192UIhLUhSKu8a8IRQGmVJzm4ZtZO5sr1ZZ7dq+Y+84pliL:19jQLbz58IRQjzziCTZ5qHwDiL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 16.28 KB |
MD5:
80af55303cca9f656d6b5ef31992221a
SHA1: 7ad3d884e32f50557bf5cf0c8470180802c77643 SHA256: f252ad4ec96e530f53745bf30dc0933d944742fd512341f5de79df483bda905c SSDeep: 384:ec5Hh4ByZgrIHKWvJlQIzUrn9bmh8iDOhfSH0+tMrk0:ec5HhuyG8HPfQACbv6Oha0z |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK | 0.41 KB |
MD5:
8c1354ca9cacb50b80a8c315ce4de581
SHA1: 9dd8a4caf5cd8ae7ec1e9a4dcc7a1989e6a1c0ea SHA256: 75f5f8b392316f9c40200a4702922f62ace55d607feb72a7c5e6cc80917b11e5 SSDeep: 12:AUcA9ib/tfP2ZDYCxqQRa9OF4EZXTIqev2Yfw:AUcA9ib1fJCxq43DHV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK | 0.41 KB |
MD5:
4b26b66aed2b286e7e2ea4cd5f499fdb
SHA1: b47b8bfb514c172a17cefd07ed65f9d823683986 SHA256: 60e700b0734398c2146f951bd1b745f6506de51d6f1fb8270b0123ab5a76c5b2 SSDeep: 12:77eGVw574RJR2pWqB9xOWgGjRfQtNanqiE5R:/eGVw94R72plB90RaQ7TL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK | 10.00 MB |
MD5:
029143b6383fe86a454616f35803ac5c
SHA1: b62e762d0972d7226e5f8936b7091aaf4b5970a4 SHA256: 52d4516f56e44a01f59e4952992ac95a422a86fe445133eefbb4e8a68a24a43d SSDeep: 196608:DShB9tJnyut0n46J7RgPGb/QfjIC3Qa1oc0kFgbQczUul9NA1B6Vdk6:gbJyM046JF1/QfXAaskFgbQyDlcb6 |
|
|
| c:\programdata\microsoft\windows\start menu\programs\outlook.lnk | 2.63 KB |
MD5:
2dc9cab5d1ff3af305ffb830065e55a3
SHA1: 54b547d09b1b94458e398ebaf7f2e6de29ee391a SHA256: e40be932ece2bacdd51fcb2fa83afb90a5bde6a2269874f30f491c198533f482 SSDeep: 48:4wKwpTglq4go6FhnGprxTV0bkCD5cPShzo8BMTHIIoPhgWe3UwKMhmaLvQs1D8:TKeTowFFhGprFKJ5cPazpSchg8XngP8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK | 1.72 KB |
MD5:
b3c185fafa76cbd0bfd7c7a0c3b11aec
SHA1: bd2749f7e93dc97b670557d98090ecbb78c82720 SHA256: ab6894bcd74a8ffdc0cb1aa688af76ca4e30755e92018a83e23e59c6e669b986 SSDeep: 48:9MuF3+TyfT3ThZ2BWAdkjv3Of5hNjNfdd41oh:9MauTuT3WV+LWbda1a |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK | 0.41 KB |
MD5:
720f139bcd011373468332faf75c82e8
SHA1: 5f8dca5e8297959ff998c4334b5c5016c8f50028 SHA256: e19a0d270bd1275c99384bc6cf5a4cc0e5267f3ca61937917a10c95d1202d965 SSDeep: 12:zcXexNtagriJ2Ry7qVV2g03AQ98wB41czweZxM:z1tagW0RyC23F8e4AxM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
f4583c59788e702a2ac5caec0c338fb8
SHA1: 131ea416e79ef2cf7123b496187ec4276a2b56a1 SHA256: 6741a5ca2ae4de5615280bf84f94fc659c134cc1eb12929af718a04eb2dba4be SSDeep: 12:dZ90vv8yxWLuvntQJS1csGcPahS/fG/4bd:dj0vv8XyvK/JcF/f9bd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK | 0.50 KB |
MD5:
c0194a4b0363f78af2c8c8bde28e39af
SHA1: 5d514ec45ad0508ecd41d2690e30b636645e5692 SHA256: d2135651b1f7cb3c7e8c0110b5959f1331feb2d1cf1dfa754560c5773dda0a30 SSDeep: 12:PRnn3XPTyoobCV7o38vsESFtvJyURcJ+EvgH0Fjn4X6zR/+zMYre8ZVRE+3:Z3XPTyoMCVEE+vJe0rUJ4qzFwMGlE+3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK | 1.44 KB |
MD5:
c9778d74f791cbc19a54cf6d214b5dba
SHA1: 8eb1e7c8b7abdd680f06e1db9bca7a78380953c5 SHA256: 01ca596829e509b18eb55398f4930161c942d2d027365182773a5132a098c568 SSDeep: 24:i89IOBpIksX0vDgu9k4/2WMkvzQb9dQ3RlhydhnjZKduQBHviKJ2zhwlK4PjMxOk:IA+F0rZ/Vs9dAOJjYpzjMxsq |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK | 16.28 KB |
MD5:
496c84cab32cc02a92069cae1f3c9e93
SHA1: 4bdcb563d43d3c5e7131b7bbd935096649729ba3 SHA256: bbd20b0fc3c98b525ab6d8edb4f7c6c5f26da9ccb079de603cd9d33ff37a8e1f SSDeep: 384:h0bAMRrtbyTeNiyYHDB6MtNLNyEWJY8iHNkR8oz:h08CbYMyQjY8iHNk8oz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK | 2.63 KB |
MD5:
2a9d6adbc8463ebfbc41e9213f043815
SHA1: 9df6e5943255e3dbf3eed84f919ed06bd88ea837 SHA256: 446ffb2b447c8311050dbee91b667dff64a4c2b81a203347f7406d6ffa3c6d56 SSDeep: 48:gS5JPduUaTPHBNNAnpNQRFo6cpi0MPKdeCLOqs9MmSwQvmtDVmFdjgY2ngJBPQz6:gS5pxcBAnjAtcZMCdxGSeQvWZmT0YwgN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK | 0.41 KB |
MD5:
bfe4bc8c896ab61ab8c6b5da8cef99b2
SHA1: 755aa0f20e3280002c5385f2266c95a0e603d141 SHA256: dabe533442dc4297e71711e2331054bd3c53699fb428ff1babd184a01f17ee09 SSDeep: 6:8weXdZoR6GIWqwKhx+Ppr+QuipHtvGjgPjVF9QXv9hj2RPL02rDZX5IF2wIcYVzV:8wqZoRXWIprhHPjVOFMbrD0YLcYVzZ3v |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK | 0.41 KB |
MD5:
71462bc52883dc628df5167475377d52
SHA1: ea30e99c4078f3a01a5870f6e781f5243bad6b65 SHA256: 2b8dbfab648bb70dc67a55554aee118fdf740dd9389bd5299a7f4da9107bfa1f SSDeep: 6:COhTLUH62W37pHFUgA5m2FIDP0vD5Moh2olotyUp1iE6GxjwPtm1E9sGpkFQPOog:/J2W965IL0b5MoLqtyM1iE6Gxja/Chn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
c94cc87e57428265dfa381dd00131182
SHA1: 4b663df1d21fb437d3a0e76b284079521d645818 SHA256: d1f325dc199be308a0c7f9c4fc1aaffb1ed76a58af2f58ca28446b76a94a25b5 SSDeep: 48:K1JxrOFI3f5R3IDUdkt6eC0oLQGRtOKI2veVc5D:eJxyFI3MUdk1KQkXNem |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 16.28 KB |
MD5:
09196d3ae7f71c556a36165e6e59cfc9
SHA1: 62b017fc4f4282db3fbcf24cba8ab8adc11fbeeb SHA256: ba03807813bb3c3e12fc7a394a50d57016bbf5e76a1bb14f60848d35d45265cc SSDeep: 384:zFnEpnWUNKjM4Yqhy7w93Q9hi39lAlSGYhvhkBIOBATLV/Epcv+:+IDLY2y7w93UW4YGYh62OBATL+8+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK | 0.41 KB |
MD5:
cf9ed7e0bacd06f2f67830becba4ae44
SHA1: 345f16513df7a04238f1797766a10bd12116e45a SHA256: 1bde1524f167dae98c8fd57c0a3386cb144db1fbf440a05a62860f980d86cbe3 SSDeep: 6:Cn8Rwm1TmxfDI+5Jhnx6D3PCQ/bww3nfNDSMwXcZ0xWQZOWkFocgrIZ5i53jgv:XyQmx7Pvx6D36QlPLZBYOWggc56q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK | 2.64 KB |
MD5:
148978d073daf85a313c718ff7301615
SHA1: d2712091e0f82733684b2902a6f882d3f5018b9a SHA256: 1ba3f6a1b6cdbb4838ff32dfcc578ed6370041e27318ef1aa103206e47bd6993 SSDeep: 48:KvQ1tMBmhZJTvXEj3/9GJij4KP3KjblOIB0ZITBmcfBfIwIZT10k7sbwymw:K7Bmhvs3/3j+b4UBTvBAwGLsbwyJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.67 KB |
MD5:
1f3845de82214f16013c0260afd3c4c5
SHA1: 708220ed1b728c475ebf6a4d19c977494a9d50b4 SHA256: f07e5c76f281a4030019978359f9f55c369430b1eb7c7570c6d95907ae1f98da SSDeep: 48:VL6kh8urietAFhYdQuJ/gqxiIOaoyKIKxE0CswNs5jIlZskSGhKLwMM7QkwRXjq:VcueYAFhiQVMzK3xJCsr5jCZXKLw1wM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK | 0.41 KB |
MD5:
53e6a6d20c84315c083fdd763995b9b3
SHA1: 372e1ddcb509f764c4ae96e07b0c8df6344e17d9 SHA256: 6e5a9efc5083970a082b49cdacd9992a9a53cb151ae417960e9d7d9da1e42da2 SSDeep: 6:6sr6o1aQnTk5ozdJ55lItI9+B+Tlv1btewppbEUA1AroudTOgLf8VLTja+NIUomD:6sL1BhPr9JTBvppgU/9L0VekcCRn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
54e270db7949406a75b693449878fa06
SHA1: 8e5ae13bf38b49639d82194db1499a502fd0ac60 SHA256: ff4b158d8c9270d47ef1b3ffb2cdade1e2dad8da66861f54486a045053365bbf SSDeep: 12:3MC5ZoWQA3AMGhErCzra0GW5EAws2qn837WC/LmMK6nl+gWQpPpQY+XGE:xZqWAThEOPa0GDVsbkfZKPgWQ1pQYQF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 16.28 KB |
MD5:
c8d8c83257035fe5f15e0c393b6eac80
SHA1: 96a5f3a4d047621cfb1a0f5c19957815a4368684 SHA256: 7d6eb451c3fdf4f6f8b88a8083d4dcc95e6227b7fa7dbcb1d99468fb37d32384 SSDeep: 384:amu3tBjKS2br1uNTsvZ/AMD3Y/4hF3VIg4U+uDBonq+dcfan6R:amudBjKuNTsKMD3o6+gRBQQan6R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
52999f9c6fb9f1639bb1296510ed23aa
SHA1: 11884d0fec6825e6695b8da04dcbd156692f7012 SHA256: 2dc715398fc8a2c7df0beab3304684561fe6da3e47f90edcdfd395a5f64e4763 SSDeep: 48:pnUsCx48Ut6vvEXOpd3Sfl9FIxK+u7v1cE0qA6QsawCfqPVX3:pUsG456UXOp4fl9W/g1cUQLfqP5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
fb4decf2376a7a8a56a3da684c561aa1
SHA1: aabde8d354e2a3ad2b46a09021c387aa8399f761 SHA256: 1fab73615175e61327f7bd19b3cba626775ac430866725a6168759d41dfdef90 SSDeep: 48:q5nX2KcEMJvXEtFUDE8DotC05g8z2ikabe9Ywbu/gR3ketTTae:q5X2KcEMJcFUDEc+/gA2ikabY1DUetv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK | 0.41 KB |
MD5:
bb1318d2f51f892ea4aa188777e1eb68
SHA1: 7fcea5702b735041bec84ab7bcd694ac6a8eff67 SHA256: 51a00a094a3c6541b6480f6e422c81303f7ee826a81ffdccac5235fa890fe290 SSDeep: 6:4tRRs5m11r3INFs6S3j8qmjRCqoWAKde57mZbT8IJmNZu43HenJlNfGOk58Azp7A:IsbN9Sz8q5Ow39GlMn70WCIebEo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
f2220d3b177e5df924a3a070bc1d887c
SHA1: e786ea7634166bc97189df63a9af38fa50653d16 SHA256: 6ecb1cc79301862a1a4a9ac3cae70f5c470e295ce5fd907171a3a8c1850ea057 SSDeep: 24:P1Qto976XFr1f1ww5ct2ZqPMcTj0N1kL6cMpajsqqyY93NZgp2jfc:Py44z2tt2qB/L6cIajsqNY933tTc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 16.28 KB |
MD5:
92a9cfc3ebe6262674aafe5635ef361e
SHA1: 19a98da4d99a734911c90809f2e8cac7373c8b9e SHA256: 6bde61f0ed11233e1dc0a40a8f8aa5c2e4ee1792c3cc79f2b712ad852c9c559d SSDeep: 384:ctsLMJAmSdl7sYIoR3Vv4GsSYRh2gy/ssCqza3:JOAmSf7Sq+bgj9Cl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK | 0.41 KB |
MD5:
b313413745d1cf377ee39da2b5914160
SHA1: 82a595a77342973dd95dd7a56b0aad84db6e37f2 SHA256: 113394ff8bf7c465d1af4b904e47c54a4cddf2ec4a30b4167a5bcc87f831a6ca SSDeep: 6:Lfg4VDpx7dfxK1uRH0y1YnAoEJT5gWqWtzyqq+BuZyikhvTyo5VIWNpmy02:Rh4OH0ymn6JyW2+BuZyHvhmy02 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK | 0.41 KB |
MD5:
9dda03b038d3686e61c7d40d7ec4762a
SHA1: 453c32e916198faaaff56216a1c3fc0c19ecb5b8 SHA256: 1fdc14dbdd2a0c34bc8c0a3bbde1720d92c78226e3ce1fdb8a65195f93b97e41 SSDeep: 12:teezP5OTZXMsgQiA507xltP6M2VgobK5/hqw:MezB6ViAS735sxbKL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK | 0.41 KB |
MD5:
fe04ddfe4b39b1f0dd5811adfa314c81
SHA1: ebf042ad98d21faea24f1766e0a96439a1ad87ee SHA256: 53e66ec08c94c3687839659edc64c92ee2cba62dcebad48e982685165ca2959c SSDeep: 12:vGLbycebZO8Tr4FL5AtjEUkXhOYy/XtIomrc:vGLEbLTrWL5AtjElOYy/Xu1c |
|
|
| c:\programdata\adobe\arm\reader_17.012.20098\acrordrdcupd1800920044_incr.msp | 10.00 MB |
MD5:
96a8b7c995ee4ce88391a6eeff345b25
SHA1: 97222b04aabaf1e5e66ed37ff1bdb017be6d9ef2 SHA256: 0495ae6d8ff6a9f46535b7351899be2cc07b8744f3f908ed7a9cf033bd91396a SSDeep: 196608:F6aPNdhm69W1wNR5bnZzwitGRFJvW2YxWCqoM4ffR/uRVr8E7ejFul:FRjhm69W1wL5L6tvhTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 16.28 KB |
MD5:
113973c1c3b2426fdc11bdfa1fd983ca
SHA1: dd42ba0a3265fd81c51b8480c46b6ae97e749ca2 SHA256: eb948d84c1bb3de04f0cc00fce46837246ce9e68ba284595e4a120d34a74f1dc SSDeep: 384:CjX6uJIPk6cZ9mReyeAr87JFvK+ASvTOahtYq97M9Vq8/v:CUSUleBJo+ALagA7qYG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
2be63d3e8b90111158de45b4d2fde09d
SHA1: 5d01bade251126f7749526a81e7547101d39639d SHA256: be2a6aa83967a62e83740bcdf6e16bcdd18715c2146b948995d47e7b7c218acd SSDeep: 48:CVzxyaE6X1fit+v8xmRksHcMZmj/WGn36jX4fgoM7/kZS46eKvB70BJ7N:CVz4aESALxC3ZI4FMZS4YvB7aj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK | 2.83 KB |
MD5:
492d95c58a73c1bab21bfee107762df4
SHA1: b81ccad64e0a1561fa326c4bac57792b71298eaf SHA256: c55c1a6eae189541c80c61ff9439a24d3974ffea66f7466612885a032d0a2b11 SSDeep: 48:07FLo9wUWl3BvzCK2w3MWxge9krlhdc0aSWHRYULUU5W2L1GXCC4E:t9wRlxvzD2lWx3ChaSIYULUh25GXGE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK | 0.41 KB |
MD5:
350a5cb5f71468efd09c4236024ba106
SHA1: 42776de1a4e02ec43682e6cbb13fe9e622eaa623 SHA256: d7cd79d324e4656642e877077e990fbda1119d07c8a96a8f4fe2589ca81e6144 SSDeep: 12:/Sa+JeFU9cPqiOBSr7JoPx3AhcAFfUqvLXua27j:/SzJf9yZO+7JOSSSUIDfyj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
72cc412c36c756fe0385ca704ef99a9e
SHA1: 14bd5841328565fff0eff77b558b292cf1cdd9c7 SHA256: b5d14a2c4377215820e0ea71db18111903bf324123110957a30ab9a06073b9cc SSDeep: 48:BkKMsvVKe1KMS8Vl2PoVVbUyJ9rSyF1HWeQ3AnCyXIFxB/:BXjPSlPoVDLlF1fCyX2xZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
d1d0252dff6f2daf498325c8ea1a9b9a
SHA1: b773956d1dc6d9a4401335e2c27e5192def734b2 SHA256: 8939044ac7b81e93dc8e11495970fa2320e24f80dbc4b36c0719a12e2ca9b4f8 SSDeep: 24:Njuho6QrwlR6HRxQ27FRl6MaJBPoHeYqj1d6fp+h/ZtTZDLwqIs2Eg:Nn6EwSH7HFRAjJBg+rj7954q6Eg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 784.33 KB |
MD5:
95f2c5da12900bed58473ed12fdc445d
SHA1: 0e397638e17901a4a85e9179d752ef564f3273ec SHA256: a6efb68654db862dd703d3292d53872e0abffedf576e932402774ec665f7d203 SSDeep: 24576:YLETE5vJJzvXjjdBIM3MSkJm446jpGrfY+Bl:0vJJzvzjf3R44wyBl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK | 0.41 KB |
MD5:
660769dd42a641946cadd10f756f617e
SHA1: 8e3c848f07217d3be8e7d5ebaa3ed2c87e11995f SHA256: ef0c58edc7302f739147b2bf963495e2a96bd490276c2303d0e12e21ed0f291c SSDeep: 6:ZtMv30QSeBGHWEv2kHkvtfvto58W0PtlVyQOpeJXHlM3c/spnA+BwbgsZytiav:Zav30QSupkHkv9+qFE+WFpA+BYFZycav |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
4d04d4d283cf8ee72161d904c6b52e1d
SHA1: 1fbbd5d2e17d796da8a88f8c4d0df11662c910dc SHA256: 48122524643d7a57acc76da2ff7a29e07d4bc84a3c95ddca95c3ab7b9a5aa978 SSDeep: 48:z44Qye8L7F3293JNwlRI+330UHScXddsnRoDO1QZhGY4QmeX36bhsMsw:z445ey7FekISTycXddsBQZ4Y4QBUhss |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 16.28 KB |
MD5:
bb9f5fb787cb68907b25dac51a58ec07
SHA1: 2df36d84b71d8778c65fb428837cf056a58f94bc SHA256: c15dd387060bab5496878fd500c90872e0f575c17362a6723f51b5683b0204b9 SSDeep: 384:CUk43vB09Y+rKQS8U+OZrZwGloyuwxjKQru1LbtGqOn+vm6bn/c:CUlp0CB8UpdZwMoUKQruBtJwOF/c |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK | 2.42 KB |
MD5:
dbdc989ebc175288df25567e6574d141
SHA1: 35a3a154e640ee74323d1784d5a25c29bf522709 SHA256: 265cdb5b26ad8a6f366c102d8887992a80b103a199bf5e38948383942019a93f SSDeep: 48:hFra3ssHnWKoHVi5GJ1JNPUC6TCus6ibPMXVYSWi1vBiOCIc:zOrHnWq5Grz/UjdiAVYSgOfc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK | 2.67 KB |
MD5:
1e5cd8013147a54bd3a517a6ef645641
SHA1: 0eecb08bb574fecf311e136728811f53f4696283 SHA256: 1a4a9fb770a2aac8158ab3b863c2618337be450cc389693a4bdbcb3820d3225f SSDeep: 48:ZD4T2uzMxJuEpPiVGWLWx+X216KeBS70ym9AEZBb+11ttIbQOzXr/kz:ZU6ukJu1Lu+X2167S7fm9lSnHIbQWr/q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK | 8.28 KB |
MD5:
939f5e483b99f1d950c1af7d64c2ee61
SHA1: a5d960f7fcde6ef8e0691af983b0f8761a745e3f SHA256: a01540153f2895001dec437796a1e7086cf37af880dcfd10230773b15102bfdb SSDeep: 192:vcFy0rnut9b6rTC6IlABo9sa0zRC07KVpwPkp5IaS+djL+cSF9IoDU4:UFphMvsauGVm8p5IZaj6vF964 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK | 0.46 KB |
MD5:
74b1dd76b67464adcf5e839d8f9bac4e
SHA1: b1e0a3ab0e13d7504329ae90efa15569ee5347d9 SHA256: 7187ebe0df8e255d964921f0ec6f9703cfd1f25600b6dfa85cc6af5c3415eacf SSDeep: 12:c8jhkKx6ufyC169iv7twiTvL7shRzat91:rOq6e1gfi7L7uRAv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
0b58e672201877415e53a45c0af4e5b5
SHA1: fe7c8e6ebd9eb2660cf0549a023cd63edb1d6972 SHA256: e9adec0efbeb47065822523337c031bc60e1a7c16b93ff609d11c777018afa6e SSDeep: 96:mQbqYYRVdSIJ6mnx3YK3/aI5KmDWRoIYZ+9zRzWoNP5W27HDAgffB1abUPA7AiP:mqqZVdHJDnx3l3/pi17PwccgfZ1abNB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
648dee50c826b458787c577263837f74
SHA1: b16ed45419ab89023e4d852df40f8d27c529e924 SHA256: 05bdd6573f70f0ce18342d71473c0623ec27123d169ad34a1a9f72ad0f41429b SSDeep: 48:Z7KOOTaX/r/iL98CegLeFQNReuJBcAjyzHIVl/yieuv:QOO8/Em5AeFYReecjHCeuv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK | 0.44 KB |
MD5:
fb505abe88344d21ffafa9303772837b
SHA1: c8d88ba934dced5a18a4d7eb3b569fd2ebd73d61 SHA256: afc3a5e3efd138967743381b0e6f6b6e235dd1c28c514aa8ec68fb09d3a05c7c SSDeep: 12:Pe6cta7tVtICTeknwgDYgyNbmkleuy06gGVxYn:PeLa77SHknwgkWz0jGVxY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK | 2.64 KB |
MD5:
9de2b061032d3a1e9e3d18f22d7457b9
SHA1: e4590b393a962f5ea1f12b2df7589891fc6c945d SHA256: dbe74a24ea05cf2382d399ff4a1e40c6e922ccf320910aa2ac98c177dfd7efe7 SSDeep: 48:RbqrJ8yaRlDSSCFRQ/u04Bq/ce/l7KP3+zwlU4ArtMjNVxBEnGKUn/qgX7nYn6bQ:Rbqr+bItq5lGPOzwljfrBE6y+yD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK | 0.41 KB |
MD5:
79df0dc76b1d7483be90a72367373113
SHA1: 0433c0bbfed1fe61ed09b41b518c96c948696cfc SHA256: 1f5fda8f45b17817c46fc636f13404bf9cce7763585b3beae51e4d1db134f698 SSDeep: 12:4CrquXyiJnrHjVBFtw/DAAk0mBihh8oRd93DQ:4qXfJnjxBP2JuvoRfU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK | 0.41 KB |
MD5:
cb86281727ea3943a558084b19f55123
SHA1: c0c21cc7662337b283862a09b3b37bb2dc598e90 SHA256: aba72fe58aa17accaa77bd9dbef02c880c23dd580e52ab91d06a15e13d5e0704 SSDeep: 6:+7gXCdlLuuJF5/0dADs+GdRszKlhCL6wHMZDfwgFq3xviwMXdYEWt1COY65c:Q1Lpf/VDqdrlhluMlwGwWd5W+OYX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 784.33 KB |
MD5:
90a2e4498f6135d4babfe250358578da
SHA1: 47fc80a76370b3071d4049b655c3bcb4eea6842a SHA256: 5d3567d7e8939ea60b3e5ca5f5f2d44356d24ba4b2c4545d391ffdb78311f9b1 SSDeep: 24576:qrofIkcxN3mW8bMVf/pGjW2BxybQyvHd2QbT5T:qMQ33mW8bM1/wq2B8LxNT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK | 0.41 KB |
MD5:
4c990e65ee2cd50f38c36f62c3751eec
SHA1: 578d595a782ab93a29b964ab645cef29aee90c5f SHA256: 2548b0c34e6a1eca11d1bb6a1746045bc6c9c31ec6f7e595268f7bc534573b0b SSDeep: 12:b1rY+uH2DnPliAOnONizytJQG39HdthXKl8Bo2V:bRI2DPl1rJn9HhXKKu2V |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK | 0.41 KB |
MD5:
285b49375336c31e3b10b8cc7522b7f7
SHA1: e9846fdeef152bc41c99bcb08212b9379ca5fa7c SHA256: 2d5ab8ad7e06796dee978ed0bd04c4e4de8ae32d837f44abe71de48cb5386b01 SSDeep: 6:JvmlPTkqpgiXGTdc/0bca6CizNwSxVcvZOW8BRTfFIcd707ixctcqtf/U5WB11bA:klLpZXEdccYRbpNDeZOl3ICCv/GWBmUi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK | 0.41 KB |
MD5:
bf9ca786b74ef58a3ad2634e846753b2
SHA1: 8554cbde6c0141a9afa5d9eb7cfd967dbf689c2d SHA256: 780950cfd48e0eef042f6e145b1c0133f2d6c7d80710b8b5c7b83ef0f650a4c4 SSDeep: 6:47hEJKgmO04l4CEli8tpXDtiTOEWV7FiZHoQgPLoWcKKhcBBjKjNqtjtgAYDgq2o:VJl50YQPtpTt8PWCeFLoKKWB/jMhHL9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK | 0.41 KB |
MD5:
6b3817a926f64c8492855624a29a004e
SHA1: e9c7a2d88e305bb59d5ed79a88d72bd8a239fcd6 SHA256: 1b03b2fcc46b2b4213e714f59fcb641419bc35772ee271e32f4e963fbe1b12ef SSDeep: 12:G3MS2Gx3gpx9sAmtc6+Icea8LneRKc7We6lkNvyS79VeDkd:G3MS2GxQFsXO6Ike4tlkNvyS7LeI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
52165d4f97524bc73bab34f69e5f0130
SHA1: 0f483d6d9a0c0aa86b6e64a4b9be7fdf8f948644 SHA256: ebd00ac3f49456ce37f99d75aaa8e74951ea1d32eab4e44b13ed7caf68c07b33 SSDeep: 96:4vzAXkOWyiHd9QPrmCom6KgNeqRx6FTYRMmd5l7x/ziFGa8sPQmlvNKZOyQC/Q:iQ9yOrEXeqRx6FYXl7x/+FVhokEOG4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK | 0.41 KB |
MD5:
154dec0b3fda6ff6e080e361779f9418
SHA1: 00787022c0c3123160275a73e646c9866136feba SHA256: 6db5a2c81b36329e7684602c052f335d46d6ee6d076de16039a788f031cf9d97 SSDeep: 12:Qu9Ug8/hxQ2wptwIjIFio24neXnzAEEv2/:V9UtzBiycIFioPeUE+2/ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK | 2.39 KB |
MD5:
4bdc3598145ec973e4db8215601a6370
SHA1: 6e3ed67dbf72b0b9ccb0950fb530c9b4362c5292 SHA256: b4f2eba0706bcc5fc0f2644e62cb28953f38e7bd8a2d63b1447aa647750f7963 SSDeep: 48:fXg9Bd4oAEJW5Tks96zOvKdz9pHPhhkMH3aCmpDxWp9T0QVi8E4Xc:fXMd4wJW5bKHPhhkMHKCmBxWP0SE4s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 16.28 KB |
MD5:
12a3a8468899ae4fb1ff2886c32f7138
SHA1: f41bdbbca2d8358fd9ee3949deea1c6486cf6a38 SHA256: 21402673b864602d8cd36b27898cd69cefb37962b3d1277cf1009824820de193 SSDeep: 384:2TYblOeyap3oVA3HW+LG9EEO8O9Zb8WuG27PrMNy/tL:7lJxNoyWmGUbVuZ7wMtL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK | 0.44 KB |
MD5:
9af8836eb2cbe793fbe2d7fc9eca4a40
SHA1: 6ab266485e1278c23b9cba548bcea91878f5214d SHA256: 31774574d99851c4973356d102de9a7158c074d047dd569fe1bd738c4a521596 SSDeep: 6:sypUucT0zZbOjT0bhLVl8W3ooGTmv4mCki+rWTxeAunb6yaklWHeULOEQ+eIn:n3HzZbMyFLoohvSk6cAWb6yakY+UjL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK | 0.41 KB |
MD5:
b6fac1c69937387bab7ba1006e98e029
SHA1: 9da4d1918aa42cbe0f4cf3a0b91a732a28e053d6 SHA256: 1e19f6ac4217fef68d7c7f35a727fb20c337d03138052beedab26c784368a439 SSDeep: 12:YymV/qGve9UNTE9Vwmh6I02ur7W5G3wEvJHB:YHV/qh2u9VJP0/rS5ewEb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
6f45a70523a04b4a4b0fae69bf99c8dd
SHA1: 5128ff3caba5ca6ce777d522b5a44db9d28a65cf SHA256: ae6dc037c24031db07056f7185bf3208c8cc755368028d1315a6daa41be320ca SSDeep: 96:4yBEgu6YUE2rqrIFF4Dijqwo/LNxr9kIvRE1tTmK5qFg:V8OiYuWDo/5xJksRGtT5L |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
d710bcc0c380a7006a7a972df300c940
SHA1: 31c944a9ed8bb9d8372402e35008a47bd6b613c8 SHA256: 77d00168f976eb2c11a21f62226789e5431995c9efb4820d15b4dc12c2d6a639 SSDeep: 12:kPBZg2ILGwLR79AF4w18GLAoQh7glJ2fCJES5ud1HihfJKOOM+2bP:WBWDFKpPQ9K2fCWPrCjKOPrbP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
f0897a7a54fd3affd7b66f91090050c4
SHA1: ccfabd1d77f7f51849c8280441cb7a0186562f22 SHA256: dffd7959987fc6c4e3afeff219bcd5b518fd468d5cbb1d90b4e6cef4e8f4d9db SSDeep: 48:IypcGBz9HECDsQTLW8NxpnngRlWMRv6sRrCPRb9dBnaHHX/G:ouZkCDsQ/x1GisRrCp5neHe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK | 0.71 KB |
MD5:
d2ad0fb44819d965da98b741894dbc9f
SHA1: e0846919cfc513771a51a7771e4797b2e950f351 SHA256: 8f4ef08ff5ede81c56e574565df1a225caeb0903da7753b522d4da6ab7a1c857 SSDeep: 12:Cpzjs2lN41e+3pwFy7OzfV8iZ6kXo4AUOXDYZA4x5ivsgXE1kiJBEY:sns2lN4/Ox8iR4jU1+vsgX0TJBt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK | 0.30 KB |
MD5:
d5f76ec42c89319670e43df91477467c
SHA1: 0ca62bbdfd1a5d8a9dabc3b6a62fc6d9a6a50bf5 SHA256: 13556e3e718a993d78f75149e44fb0d9b49c9a100874b2d594a01d427a11dc14 SSDeep: 6:j83dO5VZluhpSezQjyuDoXhs8jVHW2JsIlCRw8q7rA19HXL1n:o3dOvZlunQjyuD8sUwzIYrIrA1lJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK | 0.41 KB |
MD5:
b386af410192b88af513ae8b485270a7
SHA1: 5a72ba2b5682ef3e390d7bd1851e18e29a46d49f SHA256: 3dedf987e02209e45a0d23f926998adf37d1bb3766b6ff2f9e38fafc46d2bcd0 SSDeep: 12:4O7is7G4CCigJrMOnIYVENFbGUXcjhkZtFrmBS6j:DBG4BiaQNRXcjyRyBj |
|
|
| c:\users\public\desktop\acrobat reader dc.lnk | 2.36 KB |
MD5:
8a8bf0e9e88d8934aedda839881161d7
SHA1: 43f01c44a3d5b46cfff90086179b512786d823fa SHA256: 1c0cfc91b3a5461dcd54ba706cb0d537f3302beb5bb61fc93f46382aca967c82 SSDeep: 48:FDb/0ukJPLjKDNcoRi3NR7syWGO09wI3BcP/xbEyqKd0rhvtteEfG++v4+nn:J/dYfK2o2DAkBcPBzqKd0rhvT5GNvn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
8bf58f675186a3d01cd87096e02d2904
SHA1: 6e479f7a85b86603fdb6dda90220e5bef3274e4b SHA256: c1bde4767cbb559ff635a13fbda741a2d84073cb6e72b11dd7a689c64daf4429 SSDeep: 12:P8iVDd4InUgb/QRmNFZfcVPapv8te5RIkRQK3g4iAlmMafQ8o3aG:NVDaq4mzZIiHRrhpBl31 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK | 0.41 KB |
MD5:
7629a12eef49800a328e619448e1fe07
SHA1: cb657c65e6c9ca07cf539b3f135b6b44d24cc7f8 SHA256: 770f02ef462c58e8c1fbac9be2dfa70043f9ed04bf388e2b05a99495d68fa727 SSDeep: 12:nDDEs7oqV2mz35ztsocrMAHmVP2JzjP7tEv:nDDEoZj5irtHx9tEv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.27 KB |
MD5:
d9a3776691ef46f21fa9e978105c6e9b
SHA1: d3d01c188811334cd6c1a5e610e71fe5bd5e037b SHA256: 8e1ef41d2047db0fe8d0d85b38ba6d6ca516ea1284e20c1ec4373cff42cfd6c1 SSDeep: 24:T7KdZCwBK2aUQMicwiutSnO3fqljgy/7zGbVJw/A7XU6mGn9:iXCwESQMhwiKSSyPGbV2JE9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.42 KB |
MD5:
10e25a547f7b3cabb4164258d60a1c23
SHA1: b7f99d0b01e078a6a1ef2482dd84edc12786f637 SHA256: 5993f204ee9c29edf264ff80a81d76a6602305a7cc2ceede45a177d64229f839 SSDeep: 48:hWEjaOladIbu4dTTz3X8mPYxfmRVa57bgLtW7G6vwmXHxT8fSs6:hWE7cdSuoLn8VuR0T7GFmhT8S |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK | 0.41 KB |
MD5:
ecc3604008f93b30130c986cb447e7f7
SHA1: 5e2da6f95873cf812264ca8dbe796660adee7440 SHA256: 76aa3120b15a65910d35226ca19d16ac52597748493accb106a47c74b372fc11 SSDeep: 12:wCQT/5Hwqa3JwZ69kSWM7HEbRGmacAPT4UPNd0mXzdeyAw:wHTBHf6JwA+M4b9A7PNdJeBw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
a0ae83d0475f6aacfbe71322e94ab9b4
SHA1: 0974b5d847a3423d1b59c6b126c108fa9e3f40a6 SHA256: 72727a49a0e782d716d9bf7130b9072532488a5a81f03c7c8f7db85eb6c577a0 SSDeep: 48:Iqd8pz/VHIvoPF5rkiWX4TSDRKfqI1gEnNCrHpYyIb:MHIvqF5w3ITyKN19Nipfc |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
702aef55d4213f91cc1c01432223f600
SHA1: 966746a354830a2b728eb006130e2555b9868a9f SHA256: d74ec45c0cc70afc3a274682972e41f8e86161fc6294cba467f1b7ec7bbfa365 SSDeep: 768:qe6gt6WFO4F9Nm1YCUvnuYDf4ov4ZsTwkhD1R6dTSXUczJE7U3CPljfXcawWLaQ6:qexPt0kvnBfUsEo27U3gj/cRQXQhmjU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
0451cd8e5ad3e3ce7cd51607ba0b2edb
SHA1: 15abdd04867894e5ad06f94c483d8c82e582ebd6 SHA256: 389b55b662032427e0be1b02fe15360fa16b7ee85cdd5362fd3d9c3318c23e61 SSDeep: 48:aU3il2X76oEUl0cWqu45QDZ+7yJMlXWh1frSJ1zgsBqutluQ4:aU3i4mTLq9+Z+BlXWh1fszgyluQ4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
9bd5df84207eb6c41650ed6da87b4a3a
SHA1: a0f8d78bf5e889bafe75126c0486695b0ce018f3 SHA256: c01616bd776e84c888e1eb55b0e7d15b566193d91f7d61ba0896370b495c77fe SSDeep: 12:Vgz3EO36ZNc20PR1yVl9P3FTc7cKMsi+YZi2ZY9S/8/Jn:Kztqo22R1yV3vZUMsinE68x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK | 0.41 KB |
MD5:
80cb14e8a1a2b23893be7dff600837fb
SHA1: 2850bb19aeb721f46f7ae97f9c3ac5a944471e26 SHA256: 412f526da238dca1b6ff322da07b5acccb3c44aae3ae60e1ecc211b95a7fdd12 SSDeep: 6:rJEBtItuK9zhvqlD20h7kdJTWvso7+dttfmU9Upw14od9LEn/eCpTKC9MEU49UfM:ksuK9FCdWdJTzo7wtttBVE2YB4f3AD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
43857b91f40a580765dba15b43a24993
SHA1: 54ddb105e05d3f2173bd3f483c356edaf1ce5e6b SHA256: c760b60ec2cc1814193f3fa77dbeb6786d64fb9b0caacde16379f079a4f93bdf SSDeep: 12:w512u2OXqCpHrdo1rRjXUm4nhvju/dc+2NXSpgkcZLyjWjLBp:wZXqIdMVL1Mhvju/G+2N6JcmWjlp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK | 0.41 KB |
MD5:
35a19702037a706566f310a887b43c25
SHA1: 5dd6cf95941ef2a6e3f99d57d43fcaa15d5f5ef7 SHA256: 3b229e6a98e6c411a63de597896f58d5e969c63f6d5e40cd27ca8ea6c96c67b4 SSDeep: 12:Nb73AzlEK5piQeNnAt/awgtIt7c4gwae6cx:RAze2gNAN1gtIaFw5x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK | 0.41 KB |
MD5:
b3f85e51c8a34634a008fe6dfc9c5914
SHA1: 51e418fe13e612516c19a874a8d7af9c732f19e0 SHA256: 6f3d87f86129aa5ffb1f0acd475c549593fc5183ac18093960dc13a211be8179 SSDeep: 6:5Z6+GCyLiBYAn/mTkla7ReueoEbmLupt1mwEfO9yBBtIctzxt9oMpyu4vBjJn:H6+GxiBFviReVaLmZIBBBtIcNxfX4v7n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 16.28 KB |
MD5:
3dc217c394623f6347c4cc2d1c04461b
SHA1: ca1f61e3fcdecf8e4da8dd1c00a961c166e850d8 SHA256: 943cbce40b8b5de4fb4cf40f17559fbe67e9749ce5ac494ade32194fbfd3a8f2 SSDeep: 384:PblSCnyjLOTxgMObnlqyeWUU1tHSrTbNqgz6dey:DnSsxgMOblqyjiAgu3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
af9e225f5c805ece5624412234903d0c
SHA1: 8a68be8c3106c088d9f7a1daf3da956a7df73ee4 SHA256: 7eefc929c7a5a291eeabbeec58c666f2a7045e6fa2f9adf337d745123a9343e7 SSDeep: 12:QvA4glM8zY78vKc3EQcDdUNFDShSQ9dKKhhjc4Q2kHjEZzPGB5QhM2IYVGgj+ojG:QYtlMUY6Kc86Dc/9dKKzrpawPs2IYra5 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
bf3e8cf77d7e4c61c060a656634bb1d3
SHA1: b89cad86cf0d7062c9bfcbfcc5c97eba63363bc4 SHA256: fb3ea50e58762538170de2cbaf4cbc808572b8230c8ca92325238fdcc229798e SSDeep: 192:LQ94zj7t3Y5zZqu/3kkE8LWo5PUyPq5FQA5nVWpqhX:Cw/t3QkkEyCbQ2x |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK | 0.41 KB |
MD5:
b3336d741499b7751de89c91a3945822
SHA1: a1c4d3fee482dfae56bb5e3db160eada6b438360 SHA256: 6ed2ded9b8d9d55699347d7e5e2e8e2cbb5c122693410ebc0a59ad7ba7853fd5 SSDeep: 6:MyDrub98iS0pwKr+/46PDYgPZxv6G7A6mPRp8p7nHvrOsAk1smebTT00/kOawQt9:ju58iNdcYgPZxvlARp6p7nDDA4evAcJ8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK | 0.39 KB |
MD5:
a37e1f85525fc3dcb18ab17629e31b90
SHA1: 85c2f813d70e841fb3fd4b7a3e205e93843944a3 SHA256: 7e006f2a421f14ae365e707accffb2eb3f895f56be1ea8ea43a6759be2ed4cc8 SSDeep: 12:KJx0Bbc4f3fqJ5/uksyn9XxeeYDSdhZV9zl:SxKiJlJ9XMPD2D7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK | 0.41 KB |
MD5:
582b5373e9adc3d3e6890b204266f7bb
SHA1: 880bab8d42c6fa2484a596e2bc7994292e55b2e9 SHA256: 930e144147c4519f5b42bc97aac98bc6859eb95c7e9753382310b68059f2d786 SSDeep: 6:sL0ILjcm0t77Yl8pQPLIuc8xA42AqJXVTsZypheD2dlZuAqnwYJmP3O:sgIXr0t78gQPLICqQqNVTJluAqnwM8O |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
685ae223a9d670a6e06a26b3dafbc8cb
SHA1: a6aa2fe1b5dcf4511f636b97c1a5a21cc5b8a583 SHA256: d5257ab4158b4e0aac4ef185406ad52792a498bfb4ef4917d05101a25769c46e SSDeep: 48:8TzdGgdIRKhocOb48k7Y/lPIoZJLnQsrvQzYbfsilamI7ekKzEJ+3ypLZAJmX8uY:UrFgOwZZVnQ8vVfsiUdqUJEeK2P57yt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
8f0bd2751d8888a0c3091cd76b37546d
SHA1: 27ac87845d4737571358c527cda3fcf774f96b92 SHA256: 95362dc49e96d0c6d1acc12c5f1b3ec48f08460c0c268726d95176ad7f473b21 SSDeep: 6:ezw9Cd3SYL6/KQtv8POKK2NCVfwF3I+/aapmT9vR17v6XLENd8j7wVRYl27Bgzx4:eCCEYotvSRooF3JCOmT9vTpk7vxETv |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
e1ed4fb520fa9410fc3c8efca74265ec
SHA1: 1c1a877cbb077f6b92c0f0d01c4eea2a8aeecf08 SHA256: e0f78f776e1b4de63537b1dd2798b900d054db03b45a71349818e42daa4fc852 SSDeep: 48:fBH1NaYMppJLkuFXTsFUB2y9g/rew5atT2EFLh8j8s8uZcKq6bh7Vwom:5VsYPu5Tkgt+DeGatTnFhI8s3ll7Vrm |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 16.28 KB |
MD5:
0b6a2c3f4092cb37d838c5523bfbbc47
SHA1: 4cd2dd6b349dc67ddf2f828baa6e07f84e574cf5 SHA256: 9d669000dc09e385f6efc78f65dad4a51abbaa03f215790dfb8a31ed7bb029c0 SSDeep: 384:LT+zVa9px+mMoIEjXjQgnlnEJr27KDAj2JSZHpTEokQKM7x:Sa9fsHEjXjznZi27KMKQpkA |
|
|
| c:\programdata\adobe\arm\reader_17.012.20098\acrordrdcupd1800920044_incr.msp | 10.00 MB |
MD5:
c07efece4d0d44f8c6284eb43066f45e
SHA1: ba9dbe8c2553ec95c5945004a0251d2929ce9583 SHA256: 010ae2bb6c236e2fbe5a8f58d23267a66b6ddf0d81d8b774f07d684b783e1e75 SSDeep: 196608:F6aPNdKvwNR5bnZzwitGRFJvW2YxWCqoM4ffR/uRVr8E7ejFul:FRjKvwL5L6tvhTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
c824da5e042f3957d7ab654663bf11bc
SHA1: ce15d10dff28236f795e6e9af5ec5a1aade2a12c SHA256: 19a055c97665e55aebb8d941939cb8f69f66050180ceaf7efff20d699d8273b8 SSDeep: 48:RuazFyYXXJUW3zn9anYIxL0L/LhIUjNAnVSxBG9YoAJem25:RBzFyiOWEYVWTVSO9YoAwm25 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 16.28 KB |
MD5:
d2d38885dd49b2b6f642e87064b7fde2
SHA1: 26ec60a3a6ea4aa47dcb5b06180c57ba666940c1 SHA256: 1758238f8144547d64112295f0cef1d5fd8cbd83fe637c889abdb2a0bf1efd2c SSDeep: 384:JBqCk77o2+F1orwu4gbMBeQ+zVbsc6Axyf:Jy7o2S/bBZyVn6A6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
ec6bdcdf00230fc91f34cbc500a50be5
SHA1: ffd0a3348c159606ce8f5cd7e6e236e2b14abd4e SHA256: 4ce5ae7bdc6692b854dbe0aab69650da1f1e0d1fbfab3c7c4e94432a54310da7 SSDeep: 48:UXYQswMypu9Ksnikh4Yl9TSgc9tEg8XqclyAqh9NrKPuoZG+/Q:Uhhzpu9Ksik+OTSgc9t8aEBqh9NrKPu7 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
81fabab16451653a28ebef487db022a2
SHA1: bb820caecaa3c39f6e68ed754e86895370337b42 SHA256: 9d334b7737a39a370db1c87ccbee2fdbb24770320f3fe5cb6ab4436c4bcdd841 SSDeep: 48:tiHTazf4lGiD4Ox23bqOPZJQz5SH+MIN7Sb85s+IYd:OGzf4siD4Ox2zPZJc5H24f9 |
|
|
| C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK | 10.00 MB |
MD5:
83f9060c4e4f5a09e21fd91393da6d21
SHA1: 052b35ea11fe33b6dc01b8447dcf9fe139b66b18 SHA256: 148774551c19317a2c577572ce16d8ba8723d8780750f7718c0d9e73124ba216 SSDeep: 196608:F6aPNdKAVKIQtgzY9EyjVx2YxWCqoM4ffR/uRVr8E7ejFul:FRjKAVqtgzY9dWTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 16.28 KB |
MD5:
0f2f7d3974fa9c24e7870bf7740b22c3
SHA1: 1fa5bf95d8050d8790c36e1205dcb972a06d9ce2 SHA256: 0cf59335bae48f528d795d1c0c49e600214c4ec5aba7be76befa30f58b1fd124 SSDeep: 384:Xq00gJbVRG1JO3p/DKQWz1kq+b/3nszn3FlDzQH9fvr:XL0glVRGP20+b3sznQH9fvr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
a451dc4df9d263df1d01a3f5551599a0
SHA1: 7bc83ef2a6c74eaacfa38c146a278234dce9d2f7 SHA256: 6c1cf2e05de0a94c29e84ed5a8414c93ccbc163c1eafd90a14e6ae1b433de3c7 SSDeep: 48:aa71Sq5iP9QPchgrXHIS5UfxNniv0sgQKOCzD1evcrTfyTFP:dl2wHrXoSoxkvv5CzsEnyTt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
777316fc48e1857257e66ecf6715262f
SHA1: c082d854b8bd43ce1c379dee2979ad0ccecc7ca0 SHA256: 668020e005935cba1e277a0242df8ab34fd742fef50676dd14fb3d25454e137c SSDeep: 24:B44AqzxaQ7gconPQc/dczojk/RcUHHsIGCFIAL3IuFT9ppZo8IF3DpClyv41B23K:B4vqFaagco//drA/RcecCTrIuFT9jZoo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK | 0.41 KB |
MD5:
42ce4be818377bd65e970f4749562abc
SHA1: 028c68a48795066f6a0ec0a86f97db1950b97c2e SHA256: ad538458497141aa1a4f13e47742d4bc870eb7223e61c01db66d56a23be6cecd SSDeep: 6:8eIPxsSkopot4EV6FffSsrOFl6ZAWTXUKNNsKJ15+dOiuD3C0UX1Kns6lSx:uJzXGPLsS2AWrUI+KJ7+dODO0UlKs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK | 0.41 KB |
MD5:
53c971c11a197483cf3e854f5578b030
SHA1: b66341b360c29e02535890c7c003d7c947975396 SHA256: c1dec170ca8681be4ba886f42d5719e79eea8811dd2b24e60522dbe99ff418bb SSDeep: 12:eYERfNWkyVjhJ1A02CXkDnHHKDhgXR6LJHinjYk:eYERfhOjhTn2GMnb69HwL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK | 0.41 KB |
MD5:
6cf57aa8093cb78a9c0dbd1cef4a5b87
SHA1: 081d2e9544e4305341f9d4da9b647f9992ddbcde SHA256: fd1ed3b5864a53e645b96d14cafe618d9a9b24b13358531104ac6159932d4e6a SSDeep: 12:UdntU68Xub9WWZclUDszAoeUgIBFUPbw9Wcq:untj8XO9DZ8yvUgpbwsf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 4.28 KB |
MD5:
495fc4c3037e26ac0b8d748bf4053f73
SHA1: afe563ba6e23bf69c9000669c10e15d51ea43ece SHA256: 20e2f95b3bf91acd2209a9db6d6b450ca90989130189c9d2753c1911fdc33b4d SSDeep: 96:VKRBDOg8xmyx11EcWCtiOsrh4nclTraSV2BNGZTjRHg1/Ep3W:ARBD38x9j6VCwbuERxg1/E9W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK | 0.36 KB |
MD5:
65deaec14db12ceae117df46bd445d57
SHA1: a85a8df49b09a729a22a3754b016f63bbdf95dc6 SHA256: f29c68a4ba02189535302cf2dfe4c476d1afbd671d8361ebcff5e2933233cdfc SSDeep: 6:AJlQ822C1pA3VOEPSGbgd8U1AkJBcnTndgrGyydSnFx0hYhTOBZ7Dhk0iZ/RaO4V:AJW2apIVOMbgd8U1jCnTnSGybnYihuZV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 16.28 KB |
MD5:
5ba99386d83aa5d5d1421e09d94cfdf1
SHA1: 6e1444ac8c5611957809dce09d962b9d45790433 SHA256: 5124c4fb80afd1540243c8a8d7d032e97d74f4fd051d5c21d5be89b2e7f58c50 SSDeep: 384:JT5D4BNKlm6UdARaBJr0MHBDBl4xfdBYPVjI03:JtDUNKlVUdMaJNBl4xKl |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
818524c9fb868422fa0d98f7b64df9ad
SHA1: 02d9737253c2690c6cfbfa2260f46be87ac27b99 SHA256: 2551ad99f1ed5216f8e3504c61e7f01d32212540cd044943e6a92722f64df1d0 SSDeep: 6:oTf5bRLroP2967ObbqKYwbvYK/QFpByop2eH+5rEvc+nF1ZEVfMAu4THdxCCL0IW:oTBFoipyDd2eetE0GF1ZE64THd8CLNur |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK | 2.63 KB |
MD5:
937b5b75555746e39e86c81437453305
SHA1: 7e57f216ff4b59727fd4e9ae17dc2ac48987096d SHA256: 26e05e88d52a09fc59ab8ec57738fed9a10cd9f147a60910b45e8dc16986ccd8 SSDeep: 48:H72NomybBAnFzPAW7BjwRHxoiUP7BXjnCWcR74MHed4PI:Hi5LAYoHu5PVznCF74MeWg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK | 0.41 KB |
MD5:
8bc6de009595a0abff15f2a63108ce19
SHA1: af87ec7fd4fb5d861e09c260ca13374c27d7cb45 SHA256: f02bcb736dacce3c1f52b3493380af928accf57d76a5c13e075806c946adcd04 SSDeep: 12:RFPDDtkCMxMuTLVrWI3sSy9E71MtWYLIXrWgNbqDS+Yr:RFPD2K7IcSOE71MtvLIyqr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
5fbfd9e6ca52babebdfb56e31006c0b7
SHA1: b89c577fb58071e4d6aee00e313f61cf3422bcfe SHA256: b0ec7cf45ed8c4ce236aea20e6fd4f3148bb31f5b458d0d95ac9b6c5a2196387 SSDeep: 24:lCPatxHXWn3O81QOfouUtdljiyewUYTZBD4nA59sakuuH7aSYcwZtEa9M7hlB87+:ESDn81QtRlepu0nu9ssIYcsO7PG0h |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK | 0.41 KB |
MD5:
8401d089bc4389826078003313733efc
SHA1: 1dea16b945f601e762a19adaa6b6d9c338b16df2 SHA256: 748dd14bc0a0db9fbe472450ebc7f16fdb37e4e52f62bfdfdbf4990002ce25e6 SSDeep: 12:m/y5Wv1Q9gaWvGKWQXdjQju42if47zlqJqbN+dO07l7e:rWv75GiXCjZ2D70JuwTy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
bc0c16eebdbd42680a61f3b726842724
SHA1: ab026ecd252d5733daa60863a1cb4cad597e3e8e SHA256: c0c4436b6f328426f8cd1098898f37cf0888f371608f932a245c8a7350693bd4 SSDeep: 384:AFQGrD1PvZtJEYWjuRaDo67CjN09MfkCnQ1b/jK/i1h4Gxwt:Ad1vZtJr5RadY09A7QVh1h4GWt |
|
|
| c:\programdata\microsoft\windows\start menu\desktop.ini | 0.44 KB |
MD5:
364c30ef6340b6d56332ec20bbe4844a
SHA1: f6ff0f7b8bc133948bd5aa6b72f2568a0fecdb53 SHA256: 38308000a0277e33207112fa6f6ff6fd818c4913320f70445ace59c339da9b8d SSDeep: 12:kgYkCw5cZbPPWk2Yj+w7a7b3bP2B3O/HPZ9:kRtlY7fP24R9 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK | 1.38 KB |
MD5:
28b0f6e23d60939b47109bc9e7aa46b0
SHA1: 2ee1d72b0a47d6a16770a20f2c30a0378a1facc7 SHA256: 93c14fe789473a8d445a3999cf59440e2662ea883388922c89173e9e2de3fe31 SSDeep: 24:572zM5zAgXp3IQeyxlkMOp9F9X39pNhnDt2nOfG+6BBeYq6Z8OzSknMCw:5yA5znXlIYkMW9FhtpNzDfGnnHpqOz9Q |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK | 1.50 KB |
MD5:
3473528fd1fad87753436fe5fbfb5204
SHA1: 92e9670f52b6ee4708be28c73c65e50727727a7f SHA256: f9aa2fcc3216f862dd416eb61e232d7ab2323c9f9af5ca682c1551f82c9dc834 SSDeep: 24:P0au5Qdj256Iz0bI+6asjo4/lS5zEBdCKyIlQeFVT2GoZqkNRK7uWTiESrm:P0anj25Vw0+6aA/kEB5NFVTDQVWz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK | 2.67 KB |
MD5:
6c02d874ee7e2c1c82c283b62ae921b7
SHA1: 51aa72baccffaffb504c54760972912646475d08 SHA256: 55ce0399eb0312536948d194e18811e9780bd597b9229238967e81dbaa75ee0e SSDeep: 48:468N7BrHbnUfr4ey9568XL4CT7DG0Zz6Jr8+B6AYrR7GAP0MArSfg+uJbW:tw8r4eO88b4QGT8+B6NAZM2t8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK | 2.38 KB |
MD5:
1a7b99f7737e4eac1ea2575907760f1b
SHA1: 275e110d65b62f98e22daf3a9d6b0754030bd6b2 SHA256: 77afe45d9aad1fcf0dc1f1ec3b4d612a2308f3b242af4848d973f9c4b64e59e7 SSDeep: 48:BtGnQLvAijkjFznmXplByB1sRd5cgkfqLhEgNCpOsiU3/947V4NUo:BtGnQLYWIBmXrQsRfkZFMszV4hwUo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
041b1af554d37feba91cd96999254c1e
SHA1: 7941712d840bcce5a48e2a78e5b21c9f6f4d83e4 SHA256: 1732758e455ec764f9acf937a059c4025bbfbcdf1cf4bc45f3c96355c5bea1f6 SSDeep: 24:pDOfnt8l4L7HgcAwTy8ow7h61BuymmuVJkMcagRRqh1jxUVBX/m9UuMJr:pyVlL7HxAwTfNaIbPJo701jiVBumuMV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 16.28 KB |
MD5:
002c877d7a885646c29c5fe511bd2afa
SHA1: 602081fd56e01318bd73d85efbd3c109e60d83a4 SHA256: 437510eb5e735465d5fbb67059ed085b024f916dc3a607d8609f53922d776cd2 SSDeep: 384:4I76vCipxo7y5RZURlDdkyzc1KHCi44ysbzsxlQM4wlMHl3azP:4IWaipxIoZURdjzc1WAwbzaaHd8P |
|
|
Threads
Thread 0xf0c
26460
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ffc55093900 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ffc550a4580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ffc55092900 |
|
1 | |
| Module | Load | module_name = advapi32, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = EventRegister, address_out = 0x7ffc57b88ff0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = EventSetInformation, address_out = 0x7ffc57b5e180 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ffc55093900 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ffc550a4580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsGetValue, address_out = 0x7ffc55088e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ffc55092900 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = LCMapStringEx, address_out = 0x7ffc5505a930 |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zOTcI.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zOTcI.exe, size = 260 |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| File | Delete | - |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zOTcI.exe, size = 100 |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\sihost.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\sihost.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\sihost.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\taskhostw.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\taskhostw.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\taskhostw.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\runtimebroker.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\backgroundtaskhost.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\backgroundtaskhost.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\backgroundtaskhost.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windows multimedia platform\commandsxerox.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windows multimedia platform\entities.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\microsoft office 15\oxide-shift-serial.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows media player\eggs-listen.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\microsoft office 15\pmc.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows journal\resulting_node_selections.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\internet explorer\authorized_binding.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\reference assemblies\mathematics-numeric.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows multimedia platform\fascinatingcowboy.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\taskhostw.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows sidebar\scsi.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows photo viewer\contests.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\uninstall information\hampton-affected-alcohol.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows portable devices\leading arcade.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\msbuild\weak.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\microsoft.net\helpful-personally.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\internet explorer\domainsbreathreveal.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\mozilla firefox\slightly.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\internet explorer\ward flag.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows portable devices\freight_beast_turbo.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\microsoft office\ages.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\zotci.exe, base_address = 0x7ff7503c0000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\backgroundtaskhost.exe, address = 0x7ff7503c0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\backgroundtaskhost.exe, address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\backgroundtaskhost.exe, proc_address = 0x7ff7503c2870, proc_parameter = 140700179759104, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\BCD.LOG1, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\bg-BG\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\bg-BG\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\cs-CZ\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\da-DK\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\de-DE\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\el-GR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\en-GB\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\en-GB\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\en-US\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\en-US\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\es-ES\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\es-ES\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\es-MX\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\es-MX\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\et-EE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\et-EE\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fi-FI\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fi-FI\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Fonts\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fr-CA\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fr-CA\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fr-FR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\hr-HR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\hr-HR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\hu-HU\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\it-IT\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ja-JP\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ko-KR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\lt-LT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\lt-LT\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\lv-LV\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\lv-LV\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\nb-NO\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\nb-NO\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\nl-NL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\nl-NL\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pl-PL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pl-PL\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pt-BR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pt-BR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pt-PT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pt-PT\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\qps-ploc\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\qps-ploc\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\Resources\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Resources\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\Resources\en-US\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Resources\en-US\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\Resources\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ro-RO\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ro-RO\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ru-RU\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ru-RU\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sk-SK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sk-SK\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sl-SI\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sl-SI\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sr-Latn-CS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sr-Latn-CS\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sr-Latn-RS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sr-Latn-RS\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sv-SE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sv-SE\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\tr-TR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\tr-TR\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\uk-UA\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\uk-UA\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-CN\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-CN\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-HK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-HK\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-TW\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-TW\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Config.Msi\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Config.Msi\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_5923062\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\UserData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1314 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
|
For performance reasons, the remaining 25410 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xf24
128
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 |
Thread 0xef0
108
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 |
Thread 0xf04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\BCD, destination_filename = C:\Boot\BCD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\BCD.LOG, destination_filename = C:\Boot\BCD.LOG.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Boot\BCD.LOG1, destination_filename = C:\Boot\BCD.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Boot\BCD.LOG2, destination_filename = C:\Boot\BCD.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x924
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 65552 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Boot\BOOTSTAT.DAT, destination_filename = C:\Boot\BOOTSTAT.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\chs_boot.ttf, destination_filename = C:\Boot\Fonts\chs_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x148
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\cht_boot.ttf, destination_filename = C:\Boot\Fonts\cht_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x870
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\jpn_boot.ttf, destination_filename = C:\Boot\Fonts\jpn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\kor_boot.ttf, destination_filename = C:\Boot\Fonts\kor_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\malgunn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\malgunn_boot.ttf, destination_filename = C:\Boot\Fonts\malgunn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xce0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\malgun_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\malgun_boot.ttf, destination_filename = C:\Boot\Fonts\malgun_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xce4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\meiryon_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\meiryon_boot.ttf, destination_filename = C:\Boot\Fonts\meiryon_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x85c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\meiryo_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\meiryo_boot.ttf, destination_filename = C:\Boot\Fonts\meiryo_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x88c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msjhn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msjhn_boot.ttf, destination_filename = C:\Boot\Fonts\msjhn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x798
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msjh_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msjh_boot.ttf, destination_filename = C:\Boot\Fonts\msjh_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x81c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msyhn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msyhn_boot.ttf, destination_filename = C:\Boot\Fonts\msyhn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x550
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msyh_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msyh_boot.ttf, destination_filename = C:\Boot\Fonts\msyh_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x554
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segmono_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segmono_boot.ttf, destination_filename = C:\Boot\Fonts\segmono_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segoen_slboot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segoen_slboot.ttf, destination_filename = C:\Boot\Fonts\segoen_slboot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segoe_slboot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segoe_slboot.ttf, destination_filename = C:\Boot\Fonts\segoe_slboot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\wgl4_boot.ttf, destination_filename = C:\Boot\Fonts\wgl4_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\bootmgr, destination_filename = C:\bootmgr.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\BOOTNXT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\BOOTNXT, type = size, size_out = 1 |
|
2 | |
| File | Move | source_filename = C:\BOOTNXT, destination_filename = C:\BOOTNXT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 8208 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 6 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\BOOTSECT.BAK, destination_filename = C:\BOOTSECT.BAK.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf20
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, type = size, size_out = 23506944 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x764
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf50
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfe0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfe4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xffc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x200
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xae4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xff0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 2130, size_out = 2130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 2144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe90
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe98
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, type = size, size_out = 278 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 278, size_out = 278 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xea8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x434
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x530
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x470
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x224
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbf8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, type = size, size_out = 14972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 14972, size_out = 14972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 14976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, type = size, size_out = 14972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 14972, size_out = 14972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.txt, size = 14976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x538
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x274
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x304
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x728
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x248
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x770
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x968
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x950
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, type = size, size_out = 2420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 2420, size_out = 2420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, type = size, size_out = 2420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 2420, size_out = 2420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xff4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x578
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, type = size, size_out = 1010 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, size = 1010, size_out = 1010 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, size = 1024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, type = size, size_out = 853 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 853, size_out = 853 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 864 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, type = size, size_out = 2197 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2197, size_out = 2197 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x334
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 2419 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 2419, size_out = 2419 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, type = size, size_out = 2419 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2419, size_out = 2419 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xaec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x510
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xddc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x90c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, type = size, size_out = 2219 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 2219, size_out = 2219 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, type = size, size_out = 2399 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 2399, size_out = 2399 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 2400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, type = size, size_out = 2413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 2413, size_out = 2413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf00
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, type = size, size_out = 2413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, size = 2413, size_out = 2413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, type = size, size_out = 2456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 2456, size_out = 2456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xba4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, type = size, size_out = 2199 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 2199, size_out = 2199 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, type = size, size_out = 2467 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 2467, size_out = 2467 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 2480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, type = size, size_out = 2174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 2174, size_out = 2174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 2176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x92c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x84c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, type = size, size_out = 1588 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, size = 1588, size_out = 1588 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, size = 1600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x958
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xba8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, type = size, size_out = 2449 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2449, size_out = 2449 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, type = size, size_out = 2158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2158, size_out = 2158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xacc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x418
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xed4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xee8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xdf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x784
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xdec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, type = size, size_out = 1974 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 1974, size_out = 1974 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 1984 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xefc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = size, size_out = 1972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 1972, size_out = 1972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 1984 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdf0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, type = size, size_out = 1382 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 1382, size_out = 1382 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x900
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xed8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xef4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xee4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xecc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, type = size, size_out = 802872 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 802872, size_out = 802872 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 802880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcb4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, type = size, size_out = 5400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 5400, size_out = 5400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 5408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, type = size, size_out = 415 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 415, size_out = 415 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, type = size, size_out = 433 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 433, size_out = 433 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, type = size, size_out = 501 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 501, size_out = 501 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, type = size, size_out = 802872 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 802872, size_out = 802872 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 802880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfa8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, type = size, size_out = 5400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 5400, size_out = 5400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 5408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x318
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x34c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xae8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x338
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xad8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, type = size, size_out = 112 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 112, size_out = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, type = size, size_out = 4657 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.txt, size = 4657, size_out = 4657 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.txt, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xff8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdc4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, type = size, size_out = 25 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 25, size_out = 25 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 32 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe30
82
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, type = size, size_out = 82551925 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xac4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xedc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x9f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 370, size_out = 370 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, type = size, size_out = 1472 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 1472, size_out = 1472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 1488 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 1182, size_out = 1182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 1184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, type = size, size_out = 1134 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 1134, size_out = 1134 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, type = size, size_out = 1096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1096, size_out = 1096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa0c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, type = size, size_out = 1193 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 1193, size_out = 1193 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 1200 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1004
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1008
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x100c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 186, size_out = 186 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1010
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1014
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1018
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x101c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, type = size, size_out = 1154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 1154, size_out = 1154 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1020
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 1122, size_out = 1122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1024
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1028
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x102c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1030
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 2598 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 2598, size_out = 2598 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1034
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, type = size, size_out = 1158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 1158, size_out = 1158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1038
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x103c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1040
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1044
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1048
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x104c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1050
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1054
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1058
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x105c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1060
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, type = size, size_out = 1158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 1158, size_out = 1158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1064
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1068
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x106c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1070
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0x107c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1080
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1088
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, type = size, size_out = 2349 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 2349, size_out = 2349 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 2352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x108c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, type = size, size_out = 2096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 2096, size_out = 2096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 2112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1090
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 2114, size_out = 2114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 2128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1094
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, type = size, size_out = 2072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 2072, size_out = 2072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 2080 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1098
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, type = size, size_out = 180 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 180, size_out = 180 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x109c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, type = size, size_out = 176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 176, size_out = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, type = size, size_out = 170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 170, size_out = 170 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1100
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1104
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1108
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x110c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1110
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1118
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x111c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, type = size, size_out = 2206 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 2206, size_out = 2206 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1120
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1124
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x112c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, type = size, size_out = 2456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 2456, size_out = 2456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1130
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1134
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1138
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x113c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1140
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1144
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x114c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, type = size, size_out = 2462 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 2462, size_out = 2462 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1150
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, type = size, size_out = 2462 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 2462, size_out = 2462 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1154
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1158
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, type = size, size_out = 1251 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 1251, size_out = 1251 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 1264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x115c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 450, size_out = 450 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1160
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, type = size, size_out = 1120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 1120, size_out = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x11ac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x11b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\RyukReadMe.txt, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1200
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1204
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1208
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x120c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x122c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1254
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1258
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x125c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1260
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1264
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1268
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x126c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x12a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1300
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1304
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1308
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x130c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1310
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1314
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1318
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x131c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1324
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1328
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x132c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1330
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1334
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1338
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x133c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1340
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1344
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1348
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x134c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1350
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1354
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1358
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x135c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1360
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1364
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1368
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x136c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1370
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1374
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1378
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x137c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1380
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1384
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, type = size, size_out = 2618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 2618, size_out = 2618 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 2624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, type = size, size_out = 1357 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 1357, size_out = 1357 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 1360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x10f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x10cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1178
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1170
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x116c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1168
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1180
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x117c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x121c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1250
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xea0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfe8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x127c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1284
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1280
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x128c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1288
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1388
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1398
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1408
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x140c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1410
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, type = size, size_out = 0 |
|
2 |
Thread 0x1414
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x141c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1420
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x142c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1438
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x143c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1440
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1444
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, type = size, size_out = 444 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 444, size_out = 444 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x147c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1480
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1484
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1488
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x148c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1494
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x149c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14a0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14a4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14a8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14ac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14b0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, type = size, size_out = 168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 168, size_out = 168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14b4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14b8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14bc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14c0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14c4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14c8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14cc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14d0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14d4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14d8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14dc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14e0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14e4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14e8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14ec
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14f0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14f4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.txt, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.txt, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.txt, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14f8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14fc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1500
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1504
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1508
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x150c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1510
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1514
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1518
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x151c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1520
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1524
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1528
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x152c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1530
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1534
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1538
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x153c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, type = size, size_out = 24 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1540
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1544
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1548
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, type = size, size_out = 233 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 233, size_out = 233 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x154c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, type = size, size_out = 448 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 448, size_out = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1550
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, type = size, size_out = 358 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 358, size_out = 358 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1554
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1558
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x155c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1560
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1564
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1568
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x156c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1570
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1574
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1578
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x157c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1584
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x158c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x159c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15ac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, type = size, size_out = 51 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 51, size_out = 51 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 642, size_out = 642 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, type = size, size_out = 654 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 654, size_out = 654 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, type = size, size_out = 758 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 758, size_out = 758 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 642, size_out = 642 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, type = size, size_out = 766 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 766, size_out = 766 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, type = size, size_out = 654 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 654, size_out = 654 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, type = size, size_out = 1244 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 1244, size_out = 1244 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 1248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15f4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x15fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 1215 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1215, size_out = 1215 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1216 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1604
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x160c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1610
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, type = size, size_out = 85 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 85, size_out = 85 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1614
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1618
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x161c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, type = size, size_out = 1096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, size = 1096, size_out = 1096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, size = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1620
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, type = size, size_out = 1347 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, size = 1347, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, size = 1360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x162c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1630
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1634
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = size, size_out = 1164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 1164, size_out = 1164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1638
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x163c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1640
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1644
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, type = size, size_out = 1168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, size = 1168, size_out = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, size = 1184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1648
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, type = size, size_out = 1144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 1144, size_out = 1144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x164c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1650
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1654
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1658
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, type = size, size_out = 1104 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 1104, size_out = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x165c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1118 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1118, size_out = 1118 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1660
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, type = size, size_out = 1108 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 1108, size_out = 1108 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1664
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1668
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x166c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1670
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1674
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, type = size, size_out = 1132 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, size = 1132, size_out = 1132 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1678
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x167c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0x1688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x168c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0x1694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x169c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x16fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1704
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x170c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1710
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1714
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1718
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x171c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x173c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x174c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x175c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x176c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x177c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x179c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17ac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1164
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1390
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x138c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xce8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x144c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x145c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x548
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1474
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1478
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1454
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, type = size, size_out = 413724 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 413724, size_out = 413724 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 413728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1464
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x146c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1450
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1468
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1460
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1458
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1394
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x234
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x528
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x610
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1804
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1808
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x180c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1810
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1814
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1818
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x181c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1824
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1828
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x182c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1830
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1834
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1838
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x183c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1840
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1844
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1848
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x184c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1850
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1854
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1858
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, type = size, size_out = 113737 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 113737, size_out = 113737 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 113744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x185c
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, type = size, size_out = 1077377 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 77377, size_out = 77377 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 77392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1860
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1864
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1868
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1870
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1874
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1878
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x187c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1880
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1884
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1888
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x188c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1898
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x189c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, type = size, size_out = 687 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 687, size_out = 687 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1900
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, type = size, size_out = 917504 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 917504, size_out = 917504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 917520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x191c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1920
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x192c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1934
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1938
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x193c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, type = size, size_out = 3728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 3728, size_out = 3728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 3744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1940
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1954
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1958
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x195c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, type = size, size_out = 559 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 559, size_out = 559 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1960
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, type = size, size_out = 1263 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, size = 1263, size_out = 1263 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, size = 1264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1964
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1970
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1978
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, type = size, size_out = 343 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 343, size_out = 343 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1980
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, type = size, size_out = 5533 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 5533, size_out = 5533 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 5536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1984
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x198c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1990
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1994
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, type = size, size_out = 6536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6536, size_out = 6536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19a4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, type = size, size_out = 579 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 579, size_out = 579 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, type = size, size_out = 7989 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 7989, size_out = 7989 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 8000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19c0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, type = size, size_out = 555 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 555, size_out = 555 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, type = size, size_out = 976 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 976, size_out = 976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19e4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19f4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, type = size, size_out = 203 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 203, size_out = 203 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RyukReadMe.txt, size = 2226, size_out = 2226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RyukReadMe.txt, size = 2240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19fc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, type = size, size_out = 7340 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 7340, size_out = 7340 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 7344 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a0c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, type = size, size_out = 3356 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.txt, size = 3356, size_out = 3356 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.txt, size = 3360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a1c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, type = size, size_out = 2208 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 2208, size_out = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a44
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a54
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, type = size, size_out = 1821 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 1821, size_out = 1821 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a58
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a64
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, type = size, size_out = 3494 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 3494, size_out = 3494 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 3504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a68
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, type = size, size_out = 25497 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 25497, size_out = 25497 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 25504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a84
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1aa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1aa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1aa8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, type = size, size_out = 1299 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 1299, size_out = 1299 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 1312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ac8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1acc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1af0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1af4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1af8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, type = size, size_out = 34809 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 34809, size_out = 34809 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 34816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ba0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ba4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bcc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x1bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bd8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bdc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1be0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1be4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bec
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, type = size, size_out = 10707047 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1904
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x190c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x197c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1908
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x186c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1174
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x196c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x874
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x194c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.txt, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x2c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x864
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x830
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, size = 1122, size_out = 1122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0xfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0x6b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.txt, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x5fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, type = size, size_out = 2563 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, size = 2563, size_out = 2563 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, size = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, type = size, size_out = 2440 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2440, size_out = 2440 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, type = size, size_out = 2581 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2581, size_out = 2581 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, type = size, size_out = 2576 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2576, size_out = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, type = size, size_out = 2575 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2575, size_out = 2575 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, type = size, size_out = 2516 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2516, size_out = 2516 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2528 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, type = size, size_out = 2582 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 2582, size_out = 2582 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, type = size, size_out = 841 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 841, size_out = 841 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 22095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 22095, size_out = 22095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 22096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 882628 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 882628, size_out = 882628 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 882640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 21009 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 21009, size_out = 21009 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 21024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d40
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 3688458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 688458, size_out = 688458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 688464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 22095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 22095, size_out = 22095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 22096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 882628 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 882628, size_out = 882628 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 882640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 21009 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 21009, size_out = 21009 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 21024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d58
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 3688458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 688458, size_out = 688458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 688464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d70
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d78
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 128 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 128, size_out = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d88
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1da0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1da4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, type = size, size_out = 60762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 60762, size_out = 60762 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 60768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1da8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, type = size, size_out = 16226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 16226, size_out = 16226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 16240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1db0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, type = size, size_out = 9818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 9818, size_out = 9818 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 9824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1db4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1db8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, type = size, size_out = 37518 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 37518, size_out = 37518 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 37520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, type = size, size_out = 22114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 22114, size_out = 22114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 22128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dc4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, type = size, size_out = 16974 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 16974, size_out = 16974 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 16976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dc8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, type = size, size_out = 346180 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 346180, size_out = 346180 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 346192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dcc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, type = size, size_out = 125526 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 125526, size_out = 125526 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\RyukReadMe.txt, size = 125536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dd8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, type = size, size_out = 18454 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 18454, size_out = 18454 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 18464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ddc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, type = size, size_out = 1526 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 1526, size_out = 1526 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 1536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1de0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, type = size, size_out = 11048 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 11048, size_out = 11048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 11056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1de4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1de8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, type = size, size_out = 11146 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 11146, size_out = 11146 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 11152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1df0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, type = size, size_out = 96884 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 96884, size_out = 96884 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 96896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1df4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1df8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dfc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, type = size, size_out = 26846 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 26846, size_out = 26846 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 26848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, type = size, size_out = 32164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 32164, size_out = 32164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 32176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, type = size, size_out = 27520 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 27520, size_out = 27520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 27536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e0c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, type = size, size_out = 25794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.txt, size = 25794, size_out = 25794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.txt, size = 25808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, type = size, size_out = 25794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25794, size_out = 25794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, type = size, size_out = 13374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\RyukReadMe.txt, size = 13374, size_out = 13374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\RyukReadMe.txt, size = 13376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e28
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, type = size, size_out = 1175422 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 175422, size_out = 175422 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 175424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, type = size, size_out = 78178 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 78178, size_out = 78178 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 78192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, type = size, size_out = 6772 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6772, size_out = 6772 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e70
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 52 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 52, size_out = 52 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e7c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 56 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 56, size_out = 56 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, type = size, size_out = 1565 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 1565, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 1568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ea0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ea4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ea8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ebc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ecc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ed0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ed4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ed8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1edc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ee0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ee4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ee8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f54
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1f58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1822 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 1822, size_out = 1822 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1822 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 1822, size_out = 1822 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, type = size, size_out = 360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 360, size_out = 360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, type = size, size_out = 360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, size = 360, size_out = 360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, type = size, size_out = 3293 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 3293, size_out = 3293 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 3296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, type = size, size_out = 3293 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 3293, size_out = 3293 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 3296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, type = size, size_out = 3031 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 3031, size_out = 3031 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 3040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1824 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 1824, size_out = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 1840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fb4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, type = size, size_out = 2309 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RyukReadMe.txt, size = 2309, size_out = 2309 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RyukReadMe.txt, size = 2320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fcc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, type = size, size_out = 4043 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 4043, size_out = 4043 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 4048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, type = size, size_out = 3308 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 3308, size_out = 3308 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 3312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, type = size, size_out = 1814 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 1814, size_out = 1814 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fe0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fe4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, type = size, size_out = 635 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 635, size_out = 635 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ffc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1648 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 1648, size_out = 1648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 1664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x91c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, type = size, size_out = 7086 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 7086, size_out = 7086 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 7088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x172c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x17dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 1818, size_out = 1818 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x178c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1808 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 1808, size_out = 1808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1635 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 1635, size_out = 1635 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 1648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x508
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1046 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 1046, size_out = 1046 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x424
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1844 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 1844, size_out = 1844 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 1856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 1842, size_out = 1842 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 1856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x420
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, type = size, size_out = 5829 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 5829, size_out = 5829 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 5840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1414 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 1414, size_out = 1414 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 1424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, type = size, size_out = 4120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 4120, size_out = 4120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 4128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fbc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, type = size, size_out = 6205 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 6205, size_out = 6205 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 6208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2004
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, type = size, size_out = 6457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, size = 6457, size_out = 6457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, size = 6464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2008
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, type = size, size_out = 3431 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 3431, size_out = 3431 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 3440 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x200c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, type = size, size_out = 2367 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 2367, size_out = 2367 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 2368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2018
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x201c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x202c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x203c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2044
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, type = size, size_out = 158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 158, size_out = 158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2048
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, type = size, size_out = 110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 110, size_out = 110 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x204c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, type = size, size_out = 262 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 262, size_out = 262 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2098
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x209c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x20b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x210c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2114
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x211c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x212c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2134
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x213c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x214c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2154
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x2158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x215c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x216c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2174
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2178
170
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, type = size, size_out = 187772928 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x217c
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, type = size, size_out = 3354624 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 354624, size_out = 354624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 354640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2180
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, type = size, size_out = 12480512 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2184
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, type = size, size_out = 2519040 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 519040, size_out = 519040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 519056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2188
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, type = size, size_out = 4599808 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 599808, size_out = 599808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 599824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x218c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, type = size, size_out = 294912 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, size = 294912, size_out = 294912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, size = 294928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2190
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, type = size, size_out = 552960 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 552960, size_out = 552960 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 552976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2194
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, type = size, size_out = 59793408 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2198
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, type = size, size_out = 5488640 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x219c
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, type = size, size_out = 1933064 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 933064, size_out = 933064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 933072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 997054 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 997054, size_out = 997054 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 997056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21f8
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 1266512 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 266512, size_out = 266512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 266528 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2200
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1034506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.txt, size = 34506, size_out = 34506 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.txt, size = 34512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2208
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x220c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2210
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 821681 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 821681, size_out = 821681 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 821696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2214
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2218
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x221c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2224
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 809765 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 809765, size_out = 809765 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 809776 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2228
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x222c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x223c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2244
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2248
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x224c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2250
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x225c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x226c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x227c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x228c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x229c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0x22e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22f0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x22f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x230c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x231c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2328
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x232c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2334
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, type = size, size_out = 2465 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 2465, size_out = 2465 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 2480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x233c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x234c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x235c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x236c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x237c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x238c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x239c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x129c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x11b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x123c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x205c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x119c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x118c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x207c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 31943 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 31943, size_out = 31943 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 31952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f64
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, type = size, size_out = 1851601 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 851601, size_out = 851601 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 851616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdb0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xca8
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 1067137 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 67137, size_out = 67137 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 67152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcdc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 32205 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 32205, size_out = 32205 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 32208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ef8
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, type = size, size_out = 9671548 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17bc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, type = size, size_out = 128 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 128, size_out = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f44
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 5436944 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2070
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, type = size, size_out = 42916 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 42916, size_out = 42916 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 42928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f8c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x206c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2060
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, type = size, size_out = 559370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 559370, size_out = 559370 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 559376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2054
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, type = size, size_out = 106560 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 106560, size_out = 106560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 106576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x9e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa88
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, type = size, size_out = 99640 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 99640, size_out = 99640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 99648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x808
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, type = size, size_out = 2310 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 2310, size_out = 2310 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 2320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, type = size, size_out = 99174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 99174, size_out = 99174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 99184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaf0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, type = size, size_out = 813604 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 813604, size_out = 813604 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 813616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xaf8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, type = size, size_out = 109708 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 109708, size_out = 109708 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 109712 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xafc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, type = size, size_out = 35940 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 35940, size_out = 35940 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 35952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb28
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1184
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa08
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2084
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, type = size, size_out = 80552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 80552, size_out = 80552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 80560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2080
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, type = size, size_out = 744782 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 744782, size_out = 744782 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 744784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, type = size, size_out = 194236 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 194236, size_out = 194236 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 194240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x124c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1198
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, type = size, size_out = 92330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 92330, size_out = 92330 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 92336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1248
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, type = size, size_out = 4084 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 4084, size_out = 4084 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, type = size, size_out = 2816 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 2816, size_out = 2816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 2832 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, type = size, size_out = 3004 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 3004, size_out = 3004 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 3008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1194
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, type = size, size_out = 3304 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 3304, size_out = 3304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 3312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, type = size, size_out = 3238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 3238, size_out = 3238 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 3248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x52c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x208c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x368
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x23f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xaa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2408
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x240c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2410
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2414
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x241c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2424
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2430
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2434
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x243c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x244c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x245c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x246c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x247c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x248c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2494
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x249c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x250c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x251c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x252c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x253c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x254c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2558
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x255c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2564
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x256c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x257c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x258c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x259c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x260c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x261c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2620
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x262c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2638
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x263c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2640
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2648
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x264c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2654
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x2658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x265c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x266c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2670
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x267c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x268c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x269c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.txt, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x26a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26cc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26d8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5800228 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26e8
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1462871 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 462871, size_out = 462871 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 462880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26f0
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5588256 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x26fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 147456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 147456, size_out = 147456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 147472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2700
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2704
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2708
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 5153816 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x270c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2710
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2714
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.txt, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2718
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 4988786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 988786, size_out = 988786 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 988800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x271c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2724
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2728
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x272c
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5881317 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x273c
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 4932896 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 932896, size_out = 932896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 932912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2740
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2744
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 1076 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 1076, size_out = 1076 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2748
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, type = size, size_out = 1072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 1072, size_out = 1072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x274c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, type = size, size_out = 1075 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 1075, size_out = 1075 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2750
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x275c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x276c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x277c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x278c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x279c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x8d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.txt, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x242c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.txt, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x139c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xabc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2550
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x280c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x281c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2824
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2828
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x282c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2830
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x283c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x284c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x285c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x286c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x287c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x288c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x289c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x28e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x28e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x28e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x28f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x290c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x291c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x292c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x293c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x294c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x295c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x296c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2970
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2974
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x297c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x298c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x299c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29bc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, type = size, size_out = 15250 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x2aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2aac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ab0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2ab4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bdc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2be0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2be4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x2cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d54
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 147456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 147456, size_out = 147456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 147472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d80
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d88
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2da0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2db4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dc4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = size, size_out = 614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 614, size_out = 614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fd8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, type = size, size_out = 6036245 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fe0
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, type = size, size_out = 3787815 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 787815, size_out = 787815 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 787824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3004
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x300c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x301c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x302c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x303c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x304c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x305c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x306c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x307c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3084
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3088
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x308c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3090
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3094
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3098
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x309c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x30fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3100
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x310c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3110
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3118
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x311c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x312c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3130
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3134
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x313c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x314c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x315c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x316c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x317c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x318c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x319c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x320c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x321c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x322c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x323c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3244
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3248
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x324c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x325c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x326c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x327c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3280
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3284
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3288
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x328c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3298
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x329c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x330c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x331c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x332c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3338
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x333c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x334c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x335c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x336c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x337c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.txt, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x338c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3390
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3394
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3398
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x339c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x33a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x33a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x340c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x341c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x342c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x343c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x344c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3450
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x345c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x346c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x347c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x348c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3494
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x349c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x350c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x351c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x352c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x353c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x354c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3550
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x355c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3564
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x356c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x357c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x358c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3594
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3598
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x359c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x360c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x362c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3638
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x363c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3640
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x364c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3654
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x365c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x366c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3670
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3678
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, type = size, size_out = 614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 614, size_out = 614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x367c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x368c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x369c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3704
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x370c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3710
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3714
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3718
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x371c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x372c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x373c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x374c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x375c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x376c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3778
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x377c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3780
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3784
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x378c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3794
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x379c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x37f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x33c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3424
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x34dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1448
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x380c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3810
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3814
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3818
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x381c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3824
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3828
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x382c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3830
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x383c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x384c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x385c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x386c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x387c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x388c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x389c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x390c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x391c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x392c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3938
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x393c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x394c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x395c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x396c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3978
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x397c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x398c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3990
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x399c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a30
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x3a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3648
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\RyukReadMe.txt, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x3ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ea0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ea4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ea8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ebc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ec4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3ec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fe0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fe4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3fe8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x361c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x33f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4004
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4008
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x400c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4014
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x401c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x402c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x403c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x404c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x405c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x406c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x407c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x408c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x409c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x40bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x410c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4110
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4118
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x411c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4120
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x412c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4134
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x413c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x414c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x415c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x416c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x417c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x418c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x419c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x41b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x420c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x421c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x422c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x423c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x424c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x425c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x426c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x427c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x428c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x429c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x430c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x431c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x432c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x433c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x434c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x435c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x436c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x437c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x438c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xf5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xf58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x440c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x441c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4420
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x442c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x443c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x444c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x445c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x446c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x447c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x448c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4494
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x449c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x44fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4500
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4504
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4508
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x450c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4510
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4514
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x451c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4520
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4524
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4528
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x452c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4534
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4538
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x453c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4540
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4550
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4554
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4558
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x455c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4560
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x456c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4570
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4574
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4578
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x457c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x458c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4594
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4598
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x459c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x460c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x461c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4620
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x462c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4638
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x463c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4640
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4648
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x464c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x465c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x466c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4670
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x467c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x468c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4698
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x469c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x46a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4700
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4704
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x471c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x472c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x475c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x476c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x477c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x478c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x479c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x47d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x439c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x470c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x480c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x481c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4824
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4828
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x482c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4830
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x483c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x484c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x486c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x487c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x488c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x489c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x48d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x490c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x491c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x492c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x493c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x494c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x495c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x496c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4974
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x498c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x499c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4be0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4be4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4be8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c88
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4c8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d9c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4da0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4dd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ddc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4de0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4de4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4de8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4df0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e90
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x4e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ee4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ee8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4eec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ef0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ef4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ef8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x485c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4564
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x454c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5004
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x500c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x501c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x502c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x503c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x504c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x505c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x506c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x507c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x508c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x509c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x510c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5114
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, type = size, size_out = 1035 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 1035, size_out = 1035 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5118
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, type = size, size_out = 536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 536, size_out = 536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x511c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, type = size, size_out = 90431 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 90431, size_out = 90431 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 90432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5120
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, type = size, size_out = 150357 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 150357, size_out = 150357 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 150368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5124
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, type = size, size_out = 9566 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, size = 9566, size_out = 9566 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\RyukReadMe.txt, size = 9568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5128
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, type = size, size_out = 9566 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 9566, size_out = 9566 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 9568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x512c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, type = size, size_out = 53574 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 53574, size_out = 53574 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 53584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5130
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, type = size, size_out = 186947 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 186947, size_out = 186947 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 186960 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5134
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, type = size, size_out = 6144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6144, size_out = 6144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5138
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, type = size, size_out = 63413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 63413, size_out = 63413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 63424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x513c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5140
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, type = size, size_out = 270336 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 270336, size_out = 270336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 270352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5144
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5148
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x514c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, type = size, size_out = 524656 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 524656, size_out = 524656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 524672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5150
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, type = size, size_out = 131072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 131072, size_out = 131072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 131088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5154
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, type = size, size_out = 7168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 7168, size_out = 7168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 7184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x515c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, type = size, size_out = 1164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 1164, size_out = 1164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5168
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, type = size, size_out = 66208 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 66208, size_out = 66208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 66224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x516c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, type = size, size_out = 2676 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 2676, size_out = 2676 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 2688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\ToolsSearchCacheRdr\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\ToolsSearchCacheRdr\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x517c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5188
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x518c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5194
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5198
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x519c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51b0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x51b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5200
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5204
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x520c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5214
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x521c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x522c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x523c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x524c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5258
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x525c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x526c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x527c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x528c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x529c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52ac
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x52b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5300
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x530c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x531c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x532c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x533c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x534c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5354
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x535c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x536c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x537c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x538c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x539c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53a8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x53ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x53fc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x497c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x473c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xf34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x540c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x541c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5420
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5428
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x542c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x543c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5440
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5444
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5448
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x544c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5450
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5454
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5458
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x545c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5464
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5468
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x546c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x547c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5480
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5484
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, type = size, size_out = 130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 130, size_out = 130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5488
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, type = size, size_out = 6291456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x548c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5494
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5498
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, type = size, size_out = 50443 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 50443, size_out = 50443 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 50448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x549c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, type = size, size_out = 26531 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, size = 26531, size_out = 26531 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, size = 26544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, type = size, size_out = 26644 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 26644, size_out = 26644 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 26656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, type = size, size_out = 1183 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 1183, size_out = 1183 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 1184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, type = size, size_out = 13959 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 13959, size_out = 13959 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 13968 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, type = size, size_out = 65154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 65154, size_out = 65154 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 65168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, type = size, size_out = 84537 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 84537, size_out = 84537 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 84544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, type = size, size_out = 99908 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 99908, size_out = 99908 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 99920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, type = size, size_out = 20 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5500
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, type = size, size_out = 6291456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5504
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5508
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x550c
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5510
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5514
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5518
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x551c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5520
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5524
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5540
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, type = size, size_out = 756 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 756, size_out = 756 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5570
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, type = size, size_out = 751 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt, size = 751, size_out = 751 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt, size = 752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5574
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5578
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x557c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5584
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, type = size, size_out = 254900 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 254900, size_out = 254900 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 254912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5588
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x558c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x559c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, type = size, size_out = 3524 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 3524, size_out = 3524 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 3536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, type = size, size_out = 3514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 3514, size_out = 3514 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 3520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5600
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5604
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5608
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x560c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5610
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5614
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5618
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x561c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x562c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5630
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5634
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5638
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x563c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5640
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5644
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x564c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5650
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5654
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5658
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x565c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5660
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5664
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5668
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x566c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5670
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5674
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5678
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x567c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5680
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5684
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5688
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x568c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5690
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5694
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5698
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x569c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5700
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5708
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x570c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5710
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, type = size, size_out = 72 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 72, size_out = 72 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5718
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, type = size, size_out = 275840 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 275840, size_out = 275840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 275856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x571c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5720
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, type = size, size_out = 50722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, type = size, size_out = 26818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5728
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, type = size, size_out = 94967 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, size = 94967, size_out = 94967 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, size = 94976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x572c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, type = size, size_out = 24743 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, size = 24743, size_out = 24743 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, size = 24752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5730
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, type = size, size_out = 91600 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, size = 91600, size_out = 91600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, size = 91616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5734
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, type = size, size_out = 26930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5738
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, type = size, size_out = 68274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, size = 68274, size_out = 68274 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, size = 68288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x573c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, type = size, size_out = 42517 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, size = 42517, size_out = 42517 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, size = 42528 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5740
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5744
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, type = size, size_out = 14242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5748
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, type = size, size_out = 20104 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, size = 20104, size_out = 20104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, size = 20112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x574c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, type = size, size_out = 65442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5750
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, type = size, size_out = 84507 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, size = 84507, size_out = 84507 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, size = 84512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5754
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, type = size, size_out = 64576 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, size = 64576, size_out = 64576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, size = 64592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5758
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, type = size, size_out = 84207 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, size = 84207, size_out = 84207 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, size = 84208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x575c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, type = size, size_out = 84818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5760
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, type = size, size_out = 49380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, size = 49380, size_out = 49380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, size = 49392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5764
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, type = size, size_out = 43824 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, size = 43824, size_out = 43824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, size = 43840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5768
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, type = size, size_out = 50388 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, size = 50388, size_out = 50388 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, size = 50400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x576c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, type = size, size_out = 20529 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, size = 20529, size_out = 20529 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, size = 20544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5770
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, type = size, size_out = 16008 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, size = 16008, size_out = 16008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, size = 16016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5774
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, type = size, size_out = 33723 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, size = 33723, size_out = 33723 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, size = 33728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5778
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, type = size, size_out = 33433 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, size = 33433, size_out = 33433 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, size = 33440 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x577c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, type = size, size_out = 16693 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, size = 16693, size_out = 16693 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, size = 16704 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5780
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, type = size, size_out = 100194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5784
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x578c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5794
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5798
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x579c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x57bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, type = size, size_out = 5120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, size = 5120, size_out = 5120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 5136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5528
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, type = size, size_out = 6583 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6583, size_out = 6583 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5538
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, type = size, size_out = 18176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 18176, size_out = 18176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 18192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5554
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5550
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5530
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5544
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x554c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5548
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x552c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, type = size, size_out = 1300 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 1300, size_out = 1300 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 1312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x553c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5534
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5564
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x555c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x556c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, type = size, size_out = 20063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 20063, size_out = 20063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 20064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x270
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, type = size, size_out = 20063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 20063, size_out = 20063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 20064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, type = size, size_out = 19614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 19614, size_out = 19614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 19616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, type = size, size_out = 9836 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 9836, size_out = 9836 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 9840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, type = size, size_out = 718 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 718, size_out = 718 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x348
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, type = size, size_out = 5499 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 5499, size_out = 5499 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 5504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, type = size, size_out = 7574 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\cs\RyukReadMe.txt, size = 7574, size_out = 7574 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\cs\RyukReadMe.txt, size = 7584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\cs\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\cs\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5804
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, type = size, size_out = 8290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 8290, size_out = 8290 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 8304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5808
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, type = size, size_out = 3051 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, size = 3051, size_out = 3051 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, size = 3056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\be\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x580c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5810
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5814
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, type = size, size_out = 6420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6420, size_out = 6420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5818
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, type = size, size_out = 7383 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 7383, size_out = 7383 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 7392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x581c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5820
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, type = size, size_out = 7780 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 7780, size_out = 7780 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 7792 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5824
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, type = size, size_out = 5060 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 5060, size_out = 5060 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 5072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5828
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x582c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, type = size, size_out = 801 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 801, size_out = 801 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5830
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5834
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5838
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x583c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5840
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, type = size, size_out = 295 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 295, size_out = 295 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5844
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5848
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, type = size, size_out = 1735 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 1735, size_out = 1735 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 1744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x584c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5850
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5854
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, type = size, size_out = 291 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 291, size_out = 291 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5858
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x585c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5860
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5864
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5868
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, type = size, size_out = 718 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 718, size_out = 718 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x586c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5870
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5874
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5878
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x587c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5880
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5884
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5888
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, type = size, size_out = 1389 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 1389, size_out = 1389 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x588c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5890
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, type = size, size_out = 10932 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 10932, size_out = 10932 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\kok\RyukReadMe.txt, size = 10944 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\kok\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\kok\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5894
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5898
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x589c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, type = size, size_out = 6400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6400, size_out = 6400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, type = size, size_out = 106588 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 106588, size_out = 106588 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 106592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, type = size, size_out = 8806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 8806, size_out = 8806 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 8816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, type = size, size_out = 9290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 9290, size_out = 9290 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 9296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, type = size, size_out = 7513 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 7513, size_out = 7513 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 7520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, type = size, size_out = 243489 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 243489, size_out = 243489 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 243504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, type = size, size_out = 2593 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 2593, size_out = 2593 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5900
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5904
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5908
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x590c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x591c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5920
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5924
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, type = size, size_out = 10516920 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ActionCenterCache\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5928
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x592c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5934
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5938
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, type = size, size_out = 77 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 77, size_out = 77 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x593c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5940
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5944
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5948
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x594c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5954
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5958
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x595c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5960
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5964
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5968
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x596c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5970
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5978
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x597c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x598c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5990
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5994
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5998
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, type = size, size_out = 387 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 387, size_out = 387 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, type = size, size_out = 12288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 12288, size_out = 12288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 12304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, type = size, size_out = 14458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 14458, size_out = 14458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 14464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, type = size, size_out = 19235 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 19235, size_out = 19235 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 19248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, type = size, size_out = 1604 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 1604, size_out = 1604 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 1616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, type = size, size_out = 2232 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 2232, size_out = 2232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 2240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, type = size, size_out = 3679 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 3679, size_out = 3679 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 3680 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, type = size, size_out = 13030 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, size = 13030, size_out = 13030 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, size = 13040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, type = size, size_out = 5386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Low\IE\RyukReadMe.txt, size = 5386, size_out = 5386 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Low\IE\RyukReadMe.txt, size = 5392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Low\IE\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Low\IE\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, type = size, size_out = 7374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 7374, size_out = 7374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 7376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, type = size, size_out = 4847 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 4847, size_out = 4847 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 4848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 2210, size_out = 2210 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, type = size, size_out = 1657 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 1657, size_out = 1657 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 1664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, type = size, size_out = 3879 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 3879, size_out = 3879 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 3888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, type = size, size_out = 13084 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 13084, size_out = 13084 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 13088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, type = size, size_out = 2332 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, size = 2332, size_out = 2332 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, size = 2336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, type = size, size_out = 4181 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 4181, size_out = 4181 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, type = size, size_out = 22634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 22634, size_out = 22634 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 22640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, type = size, size_out = 16003 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 16003, size_out = 16003 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt, size = 16016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, type = size, size_out = 17289 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 17289, size_out = 17289 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 17296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, type = size, size_out = 4490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 4490, size_out = 4490 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 4496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, type = size, size_out = 8184 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 8184, size_out = 8184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, type = size, size_out = 4181 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 4181, size_out = 4181 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, type = size, size_out = 4190 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 4190, size_out = 4190 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a00
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, type = size, size_out = 13737 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 13737, size_out = 13737 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 13744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, type = size, size_out = 4081 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 4081, size_out = 4081 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, type = size, size_out = 1924 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 1924, size_out = 1924 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 1936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a0c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, type = size, size_out = 2599 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 2599, size_out = 2599 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, type = size, size_out = 11449 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 11449, size_out = 11449 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 11456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, type = size, size_out = 14553 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 14553, size_out = 14553 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 14560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, type = size, size_out = 11332 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 11332, size_out = 11332 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 11344 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, type = size, size_out = 13241 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 13241, size_out = 13241 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 13248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, type = size, size_out = 1570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 1570, size_out = 1570 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 1584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, type = size, size_out = 11886 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 11886, size_out = 11886 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 11888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, type = size, size_out = 2270 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 2270, size_out = 2270 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 2272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, type = size, size_out = 12288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 12288, size_out = 12288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 12304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, type = size, size_out = 32768 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 32768, size_out = 32768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 32784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, type = size, size_out = 49152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 49152, size_out = 49152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 49168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a44
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, type = size, size_out = 1 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a88
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, type = size, size_out = 50722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, type = size, size_out = 26818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, type = size, size_out = 95250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, type = size, size_out = 25026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, type = size, size_out = 91890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, type = size, size_out = 26930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, type = size, size_out = 68562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, type = size, size_out = 42802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, type = size, size_out = 14242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, type = size, size_out = 20386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, type = size, size_out = 65442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, type = size, size_out = 84786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, type = size, size_out = 64866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, type = size, size_out = 84482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, type = size, size_out = 84818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, type = size, size_out = 49666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, type = size, size_out = 44114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, type = size, size_out = 50674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, type = size, size_out = 34002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, type = size, size_out = 33714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, type = size, size_out = 16978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, type = size, size_out = 100194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, type = size, size_out = 123016 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 123016, size_out = 123016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 123024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b28
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, type = size, size_out = 5243012 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b34
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b38
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b3c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b48
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x5b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b6c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b74
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5b78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, type = size, size_out = 11264 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 11264, size_out = 11264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b90
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ba4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bdc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, type = size, size_out = 938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 938, size_out = 938 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 944 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, type = size, size_out = 3088 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 3088, size_out = 3088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 3104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, type = size, size_out = 5652 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 5652, size_out = 5652 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 5664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, type = size, size_out = 417 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 417, size_out = 417 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x930
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, type = size, size_out = 14438 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 14438, size_out = 14438 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 14448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x95c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x380
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5160
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5164
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, type = size, size_out = 1063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 1063, size_out = 1063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 1072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, type = size, size_out = 1079 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 1079, size_out = 1079 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58bc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58e8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58ac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, type = size, size_out = 5850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 5850, size_out = 5850 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 5856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x599c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a54
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a70
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a74
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, type = size, size_out = 5850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 5850, size_out = 5850 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 5856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a5c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a68
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a60
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x594
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a6c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe18
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdf8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b9c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, type = size, size_out = 5068 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 5068, size_out = 5068 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 5072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, type = size, size_out = 2289 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 2289, size_out = 2289 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 2304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bb0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, type = size, size_out = 211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 211, size_out = 211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, type = size, size_out = 390 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 390, size_out = 390 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, type = size, size_out = 391 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 391, size_out = 391 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, type = size, size_out = 388 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 388, size_out = 388 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c08
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c0c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, type = size, size_out = 264 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 264, size_out = 264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c10
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, type = size, size_out = 32373 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 32373, size_out = 32373 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 32384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, type = size, size_out = 797 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 797, size_out = 797 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c1c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, type = size, size_out = 1947 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, size = 1947, size_out = 1947 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, size = 1952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, type = size, size_out = 20529 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 20529, size_out = 20529 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 20544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, type = size, size_out = 12544 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 12544, size_out = 12544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 12560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, type = size, size_out = 5934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 5934, size_out = 5934 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 5936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c30
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, type = size, size_out = 432 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 432, size_out = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, type = size, size_out = 7504 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 7504, size_out = 7504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 7520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, type = size, size_out = 2644 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 2644, size_out = 2644 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 2656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, type = size, size_out = 1132 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 1132, size_out = 1132 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, type = size, size_out = 987 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 987, size_out = 987 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, type = size, size_out = 912 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 912, size_out = 912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, type = size, size_out = 4407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 4407, size_out = 4407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 4416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c50
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c54
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, type = size, size_out = 1391 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 1391, size_out = 1391 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c58
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, type = size, size_out = 4807 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 4807, size_out = 4807 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 4816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, type = size, size_out = 1837 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 1837, size_out = 1837 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 1840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c70
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c74
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c78
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, type = size, size_out = 1575 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 1575, size_out = 1575 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 1584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, type = size, size_out = 3584 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 3584, size_out = 3584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 3600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, type = size, size_out = 2865 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 2865, size_out = 2865 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 2880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, type = size, size_out = 3646 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 3646, size_out = 3646 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 3648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c98
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, type = size, size_out = 140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 140, size_out = 140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, type = size, size_out = 3130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 3130, size_out = 3130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 3136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ca0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ca4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, type = size, size_out = 29879 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 29879, size_out = 29879 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\RyukReadMe.txt, size = 29888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ca8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, type = size, size_out = 144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 144, size_out = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, type = size, size_out = 3790 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 3790, size_out = 3790 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 3792 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cb0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, type = size, size_out = 130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 130, size_out = 130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cb8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, type = size, size_out = 121 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 121, size_out = 121 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cc0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, type = size, size_out = 122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 122, size_out = 122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cc4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, type = size, size_out = 185682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 185682, size_out = 185682 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 185696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cc8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, type = size, size_out = 111 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, size = 111, size_out = 111 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ccc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cd4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cd8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, type = size, size_out = 1493 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 1493, size_out = 1493 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 1504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cdc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ce0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ce4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, type = size, size_out = 49129 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 49129, size_out = 49129 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, type = size, size_out = 66168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 66168, size_out = 66168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 66176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, type = size, size_out = 9360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 9360, size_out = 9360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, type = size, size_out = 8714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 8714, size_out = 8714 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 8720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, type = size, size_out = 9360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 9360, size_out = 9360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, type = size, size_out = 8714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 8714, size_out = 8714 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 8720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, type = size, size_out = 9374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 9374, size_out = 9374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, type = size, size_out = 8696 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 8696, size_out = 8696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 8704 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, type = size, size_out = 93926 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 93926, size_out = 93926 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 93936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, type = size, size_out = 112794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 112794, size_out = 112794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 112800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d54
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, type = size, size_out = 119520 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 119520, size_out = 119520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 119536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d7c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, type = size, size_out = 436 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 436, size_out = 436 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e38
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x5e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ecc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5edc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 131072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 131072, size_out = 131072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 131088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ffc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4038
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x600
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f0c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6004
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6008
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x600c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6014
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6018
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x601c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6020
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6024
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x602c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6030
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x603c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6040
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x604c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6050
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Publishers\8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Publishers\8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Publishers\8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6054
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6058
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, type = size, size_out = 50722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, type = size, size_out = 26818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, type = size, size_out = 95250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x607c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, type = size, size_out = 25026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, type = size, size_out = 91890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, type = size, size_out = 26930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, type = size, size_out = 68562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x608c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, type = size, size_out = 42802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, type = size, size_out = 14242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, type = size, size_out = 20386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x609c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, type = size, size_out = 65442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, type = size, size_out = 84786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, type = size, size_out = 64866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, type = size, size_out = 84482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, type = size, size_out = 84818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, type = size, size_out = 49666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, type = size, size_out = 44114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, type = size, size_out = 50674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, type = size, size_out = 34002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, type = size, size_out = 33714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, type = size, size_out = 16978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, type = size, size_out = 100194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x60d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60dc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x60e0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x60e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, type = size, size_out = 123298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, type = size, size_out = 5243306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6108
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x610c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6110
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x6114
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x611c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x612c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6130
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6134
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6138
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x613c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, type = size, size_out = 11554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x614c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6150
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6158
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x615c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6164
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x616c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6170
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6174
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x617c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6180
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6184
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, type = size, size_out = 1218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x618c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, type = size, size_out = 3378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6194
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x61a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, type = size, size_out = 5938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, type = size, size_out = 706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, type = size, size_out = 14722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, type = size, size_out = 1044 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 1044, size_out = 1044 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, type = size, size_out = 1267 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 1267, size_out = 1267 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 1280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, type = size, size_out = 785 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 785, size_out = 785 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, type = size, size_out = 1020 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 1020, size_out = 1020 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 1024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, type = size, size_out = 1025 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 1025, size_out = 1025 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, type = size, size_out = 1346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, type = size, size_out = 585 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 585, size_out = 585 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61ec
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6224
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6228
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x622c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6234
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6238
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x623c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6244
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6248
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x624c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6250
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6254
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6258
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x625c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6260
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6264
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6268
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x626c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6270
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6274
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x627c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6280
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6284
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6288
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x628c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6294
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6298
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x629c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6300
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6304
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6308
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x630c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6310
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6314
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6318
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x631c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x632c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x633c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x634c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x635c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x636c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x637c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x638c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, type = size, size_out = 2578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, type = size, size_out = 498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x639c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, type = size, size_out = 32658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63c0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, type = size, size_out = 12834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, type = size, size_out = 6210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, type = size, size_out = 2930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, type = size, size_out = 1202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, type = size, size_out = 4690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, type = size, size_out = 5090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61a0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6060
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, type = size, size_out = 3874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, type = size, size_out = 3154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6198
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, type = size, size_out = 3922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6154
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, type = size, size_out = 70711 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 70711, size_out = 70711 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 70720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x606c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, type = size, size_out = 2791 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 2791, size_out = 2791 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 2800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x621c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6220
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, type = size, size_out = 3410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6218
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, type = size, size_out = 2981 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 2981, size_out = 2981 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 2992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, type = size, size_out = 30162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x620c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6214
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, type = size, size_out = 4066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6210
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, type = size, size_out = 51242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 51242, size_out = 51242 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 51248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, type = size, size_out = 11772 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 11772, size_out = 11772 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ru\RyukReadMe.txt, size = 11776 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ru\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ru\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x619c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x605c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, type = size, size_out = 185970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 25, size_out = 25 |
|
1 |
Thread 0x6408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x640c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, type = size, size_out = 1778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x641c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6420
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, type = size, size_out = 15267 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 15267, size_out = 15267 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 15280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6424
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6428
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x642c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6430
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6434
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, type = size, size_out = 10965 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 10965, size_out = 10965 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 10976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6438
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, type = size, size_out = 15598 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 15598, size_out = 15598 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 15600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x643c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6440
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, type = size, size_out = 66450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x644c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x645c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x646c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, type = size, size_out = 8978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6474
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, type = size, size_out = 464652 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 464652, size_out = 464652 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 464656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6478
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, type = size, size_out = 578260 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 578260, size_out = 578260 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 578272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x647c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, type = size, size_out = 604364 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 604364, size_out = 604364 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 604368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6480
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, type = size, size_out = 94210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6484
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, type = size, size_out = 113074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6488
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, type = size, size_out = 119810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x648c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6494
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, type = size, size_out = 4318 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 4318, size_out = 4318 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 4320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6498
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, type = size, size_out = 2004 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 2004, size_out = 2004 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x649c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\RyukReadMe.txt, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\RyukReadMe.txt, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, type = size, size_out = 4302 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 4302, size_out = 4302 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 4304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, type = size, size_out = 2008 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 2008, size_out = 2008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x650c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x651c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x652c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x653c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x654c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6550
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x655c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6564
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, type = size, size_out = 1956 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 1956, size_out = 1956 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 1968 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x656c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x6570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x65c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x65c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, type = size, size_out = 82095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 82095, size_out = 82095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 82096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65e0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x65e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x65e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65fc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6600
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x660c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6610
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6618
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x661c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6620
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6628
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x662c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6634
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6638
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x663c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6640
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6648
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x664c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6654
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6658
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x665c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6660
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6664
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6668
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x666c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6670
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6674
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6678
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x667c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6680
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6684
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6688
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x668c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6690
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6694
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\RyukReadMe.txt, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\RyukReadMe.txt, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6698
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x669c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, type = size, size_out = 111 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 111, size_out = 111 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, type = size, size_out = 149 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 149, size_out = 149 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, type = size, size_out = 159 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 159, size_out = 159 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6700
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, type = size, size_out = 121 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 121, size_out = 121 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x670c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x671c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6720
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6724
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6728
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x672c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6734
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6738
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x673c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6754
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x675c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6764
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6768
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x676c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6774
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6778
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x677c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6788
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67a0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x67a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x67b0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x67b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x67bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3eac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6748
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x674c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6740
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6744
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6780
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x679c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, type = size, size_out = 120272 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 120272, size_out = 120272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 120288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, type = size, size_out = 6584 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6584, size_out = 6584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x678c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, type = size, size_out = 17445 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 17445, size_out = 17445 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 17456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6794
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6804
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, type = size, size_out = 41034 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 41034, size_out = 41034 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 41040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6808
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x680c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6810
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, type = size, size_out = 32007 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 32007, size_out = 32007 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 32016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6814
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, type = size, size_out = 45513 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 45513, size_out = 45513 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 45520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6818
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x681c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, type = size, size_out = 15896 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 15896, size_out = 15896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 15904 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6820
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, type = size, size_out = 50030 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 50030, size_out = 50030 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 50032 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6824
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, type = size, size_out = 94820 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 94820, size_out = 94820 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 94832 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6828
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, type = size, size_out = 115298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 115298, size_out = 115298 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 115312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x682c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, type = size, size_out = 40738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 40738, size_out = 40738 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 40752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6830
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, type = size, size_out = 172182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 172182, size_out = 172182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 172192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6834
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6838
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, type = size, size_out = 601554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 601554, size_out = 601554 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 601568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x683c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6840
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6844
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, type = size, size_out = 202240 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 202240, size_out = 202240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 202256 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6848
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, type = size, size_out = 125356 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 125356, size_out = 125356 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 125360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x684c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, type = size, size_out = 18751 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 18751, size_out = 18751 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 18752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6850
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, type = size, size_out = 35182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 35182, size_out = 35182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 35184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6854
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, type = size, size_out = 48580 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 48580, size_out = 48580 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 48592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6858
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, type = size, size_out = 60 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 60, size_out = 60 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x685c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6860
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, type = size, size_out = 119914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 119914, size_out = 119914 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 119920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6868
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, type = size, size_out = 60 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 60, size_out = 60 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x686c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6870
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, type = size, size_out = 119914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 119914, size_out = 119914 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 119920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6878
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x687c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6884
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, type = size, size_out = 211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 211, size_out = 211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6888
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 338, size_out = 338 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x688c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6890
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6894
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6898
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x689c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\RyukReadMe.txt, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68c8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 24576 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 24576, size_out = 24576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 24592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, type = size, size_out = 32768 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 32768, size_out = 32768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 32784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, type = size, size_out = 424392 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 424392, size_out = 424392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 424400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RyukReadMe.txt, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68fc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6900
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x690c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x691c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6924
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x692c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6934
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x693c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6940
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, type = size, size_out = 459 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 459, size_out = 459 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6948
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x694c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6954
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x695c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6960
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6968
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6974
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x697c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x698c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6994
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6998
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x699c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69a0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69c8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69d0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69dc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\RoamingState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\RoamingState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69e8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a04
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a08
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a1c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a54
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, type = size, size_out = 50722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\0qBkA8l.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, type = size, size_out = 26818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\4_fn90.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, type = size, size_out = 95250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\7wfyVna8TjUB_J.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, type = size, size_out = 25026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8B-Rx-CuY9MoDcrkmKeH.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, type = size, size_out = 91890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\C4HB0H-krd0TmD.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, type = size, size_out = 26930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dCDXyh6d7_.odt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, type = size, size_out = 68562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dpKiq8iW0Lp.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, type = size, size_out = 42802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\G7d-QrvZb 9Ty8eX.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\HTuxRk uU.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, type = size, size_out = 14242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I6UYxbkVAm.swf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, type = size, size_out = 20386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JLvbBBfB-9PRZy.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, type = size, size_out = 65442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JzgVFSeD9N.csv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, type = size, size_out = 84786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\lOGq6-TguOd3OyHhp.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, type = size, size_out = 64866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\P1g_NwhbwrBqKX.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, type = size, size_out = 84482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pcU0WgVLyFpVAXM4.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, type = size, size_out = 84818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\pHPf8BaOW.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, type = size, size_out = 49666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\q0j5-XcV-dOR.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, type = size, size_out = 44114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qh03ZyE5Ryj1-4vsc9t.pptx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, type = size, size_out = 50674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RgO2B18y gyfX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\v2iGFI2a2Yz.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\vN5QV2hm ml.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, type = size, size_out = 34002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WB0l5o e2ov.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, type = size, size_out = 33714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\x8ejw3ElYMTA.odp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, type = size, size_out = 16978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\YnxkYm2djYcdchjw2U.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, type = size, size_out = 100194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\zWRZVBA.avi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ac4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ac8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6acc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ad0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, type = size, size_out = 123298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, type = size, size_out = 5243306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ae4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6af4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6af8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6afc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x6b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b1c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b20
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019020920190210\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b24
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 11554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 28672 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 28672, size_out = 28672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 28688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b40
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b44
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b58
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6b5c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b60
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6b64
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b68
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b6c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, type = size, size_out = 1218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, type = size, size_out = 3378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b7c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, type = size, size_out = 5938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, type = size, size_out = 12800 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 12800, size_out = 12800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 12816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, type = size, size_out = 706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, type = size, size_out = 14722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, type = size, size_out = 1279 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 1279, size_out = 1279 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 1280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ba0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, type = size, size_out = 1554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ba4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, type = size, size_out = 1284 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 1284, size_out = 1284 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 1296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ba8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, type = size, size_out = 797 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 797, size_out = 797 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bb0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, type = size, size_out = 1040 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 1040, size_out = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bb4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, type = size, size_out = 1346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6be0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6be4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6be8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x880
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, type = size, size_out = 2578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, type = size, size_out = 498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, type = size, size_out = 32658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, type = size, size_out = 12834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, type = size, size_out = 6210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, type = size, size_out = 2930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, type = size, size_out = 1202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, type = size, size_out = 4690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, type = size, size_out = 5090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, type = size, size_out = 3874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, type = size, size_out = 3154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, type = size, size_out = 3922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, type = size, size_out = 70994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, type = size, size_out = 3074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, type = size, size_out = 3410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, type = size, size_out = 3266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, type = size, size_out = 30162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, type = size, size_out = 4066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, type = size, size_out = 51522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, type = size, size_out = 12050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, type = size, size_out = 185970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, type = size, size_out = 1778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, type = size, size_out = 15554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, type = size, size_out = 11250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, type = size, size_out = 15874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, type = size, size_out = 66450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, type = size, size_out = 8978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, type = size, size_out = 464930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, type = size, size_out = 578546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, type = size, size_out = 604642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, type = size, size_out = 94210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, type = size, size_out = 113074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, type = size, size_out = 119810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, type = size, size_out = 4594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, type = size, size_out = 4578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6eb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, type = size, size_out = 2242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f68
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x6f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f78
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f7c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f80
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, type = size, size_out = 82370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f88
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f8c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f90
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6f98
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fa0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fa8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fb0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fb8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fc0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fc8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fd0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fd8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fe0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6fe8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ff0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ff8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c18
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6e18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6f70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6cd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6d08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6df8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6d90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6d00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6e14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ccc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ce0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7004
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7008
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x700c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7010
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7014
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7018
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x701c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7020
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7024
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7028
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x702c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7030
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7034
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7038
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x703c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_15B894361B8229C12E6CD4370E03BA11.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7040
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_71FE2912451B2B453DAF1EB6A0D6DE9D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7044
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_AEB6328053EC598E3A1DBA7D9B00C40B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7048
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\828298824EA5549947C17DDABF6871F5_6B5C8B321CA02275A82E95FA81D6DE62.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x704c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_B6480DD2AFAFCC504C59FFB35E8A6232.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7050
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_DCA82AA47C444DFAE483555D3A592A95.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7054
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7058
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_FD02B13068D47EB94BCC5D8B201E9929.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x705c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7060
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7064
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_835A2FD7EE5F1F37B7872C78D42A88BF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7068
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x706c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D787EFA352C03E71EA5F8B6B11B398B8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7070
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7074
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7078
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x707c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7080
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, type = size, size_out = 111 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, size = 111, size_out = 111 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7084
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, type = size, size_out = 620 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, size = 620, size_out = 620 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, size = 624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7088
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, type = size, size_out = 77 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, size = 77, size_out = 77 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, size = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x708c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, type = size, size_out = 213 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, size = 213, size_out = 213 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7094
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, type = size, size_out = 416 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, size = 416, size_out = 416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, size = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7098
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, type = size, size_out = 385 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, size = 385, size_out = 385 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x709c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, type = size, size_out = 88 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, size = 88, size_out = 88 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70a0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\RyukReadMe.txt, type = size, size_out = 260 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\RyukReadMe.txt, size = 260, size_out = 260 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\RyukReadMe.txt, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70a4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\RyukReadMe.txt, type = size, size_out = 211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\RyukReadMe.txt, size = 211, size_out = 211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\RyukReadMe.txt, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70a8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, type = size, size_out = 182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, size = 182, size_out = 182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70ac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, type = size, size_out = 92 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, size = 92, size_out = 92 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatUaCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x70c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\AppCache\Y2EKXLK8\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x70fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7100
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, type = size, size_out = 127 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, size = 127, size_out = 127 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7104
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, type = size, size_out = 447 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, size = 447, size_out = 447 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7108
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, type = size, size_out = 395 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, size = 395, size_out = 395 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x710c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7110
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, type = size, size_out = 419 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, size = 419, size_out = 419 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, size = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7114
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, type = size, size_out = 358 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, size = 358, size_out = 358 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7118
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, type = size, size_out = 209 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, size = 209, size_out = 209 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x711c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, type = size, size_out = 200 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, size = 200, size_out = 200 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, size = 208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7120
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, type = size, size_out = 561 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, size = 561, size_out = 561 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, size = 576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x712c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatUaCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7134
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7138
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\E6ZY23KO\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x713c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7140
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETFMMWBM\www.bing[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7144
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\P1T4DCFU\www.msn[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7148
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x714c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7150
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7154
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7158
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x715c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7160
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7164
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7168
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x716c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7170
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_108A7991F73F2B507007C35661993162.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7174
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7178
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x717c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7184
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7188
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x718c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7190
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7198
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x719c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, type = size, size_out = 300040 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, size = 300040, size_out = 300040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, size = 300048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, type = size, size_out = 18176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, size = 18176, size_out = 18176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, size = 18192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{3D88D67F-6818-11E7-9BD3-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{3D88D67F-6818-11E7-9BD3-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{3D88D67F-6818-11E7-9BD3-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D88D681-6818-11E7-9BD3-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D88D681-6818-11E7-9BD3-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D88D681-6818-11E7-9BD3-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71c4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71c8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x71d8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x71dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x71e0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x71e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x71e8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x71ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x71f0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x71f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x71f8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x71fc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7208
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x720c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7210
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x721c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7224
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7234
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x724c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7254
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x725c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7260
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7264
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x726c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x727c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72ec
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x72f0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7304
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7308
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x730c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7310
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7314
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7318
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x731c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7324
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7328
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x732c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7330
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7334
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x733c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 65826 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7340
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7344
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7348
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x734c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, type = size, size_out = 60 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, size = 60, size_out = 60 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7354
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, type = size, size_out = 120562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7358
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x735c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, type = size, size_out = 17730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7360
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, type = size, size_out = 6697 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, size = 6697, size_out = 6697 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, size = 6704 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7364
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, type = size, size_out = 41314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7368
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, type = size, size_out = 60566 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, size = 60566, size_out = 60566 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, size = 60576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x736c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, type = size, size_out = 20398 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, size = 20398, size_out = 20398 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, size = 20400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7370
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, type = size, size_out = 32290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7374
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, type = size, size_out = 45794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7378
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, type = size, size_out = 1313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, size = 1313, size_out = 1313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, size = 1328 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x737c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, type = size, size_out = 16178 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7380
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, type = size, size_out = 50306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7384
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, type = size, size_out = 95106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7388
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, type = size, size_out = 115586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x738c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, type = size, size_out = 41026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7390
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, type = size, size_out = 172466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7394
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, type = size, size_out = 1404 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, size = 1404, size_out = 1404 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, size = 1408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7398
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, type = size, size_out = 601842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x739c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, type = size, size_out = 48993 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, size = 48993, size_out = 48993 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, size = 49008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, type = size, size_out = 202530 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73a8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, type = size, size_out = 125634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73ac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, type = size, size_out = 19026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, type = size, size_out = 35458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73b4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, type = size, size_out = 48866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73b8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.RYK, type = size, size_out = 120194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x73c4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.RYK, type = size, size_out = 120194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x73d0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x73d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, type = size, size_out = 1404 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, size = 1404, size_out = 1404 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, size = 1408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73d8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x73dc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x73e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, type = size, size_out = 498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x73e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x73e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x73fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xccc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1188
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ff0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7218
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x728c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YZLQLSKF\www.bing[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x722c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x723c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.RYK, type = size, size_out = 524578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x614
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7294
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 24866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ec
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x540
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x729c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, type = size, size_out = 424674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, type = size, size_out = 65826 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72b8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x72a0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x96c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x484
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7408
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x740c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7410
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7414
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7418
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x741c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7420
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7428
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x742c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7430
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x743c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7444
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x744c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7454
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x745c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7464
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7468
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x746c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7470
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7474
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7478
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x747c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7480
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7484
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7488
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x748c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7494
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\RyukReadMe.txt, type = size, size_out = 0 |
|
2 |
Thread 0x7498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x749c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RyukReadMe.txt, type = size, size_out = 0 |
|
2 |
Thread 0x74a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\RyukReadMe.txt, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x74a4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74ac
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74b4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74bc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74c4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74cc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74dc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74e4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74ec
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x74f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x74f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{241d7c96-f8bf-4f85-b01f-e2b043341a4b}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{241d7c96-f8bf-4f85-b01f-e2b043341a4b}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{241d7c96-f8bf-4f85-b01f-e2b043341a4b}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x74f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{33C56305-BA7B-48E0-9784-2D05E3F5D27E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{33C56305-BA7B-48E0-9784-2D05E3F5D27E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{33C56305-BA7B-48E0-9784-2D05E3F5D27E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x74fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{728047C0-00D2-4FDB-A069-06338B92E93B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{728047C0-00D2-4FDB-A069-06338B92E93B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{728047C0-00D2-4FDB-A069-06338B92E93B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7500
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{7940ACF8-60BA-4213-A7C3-F3B400EE266D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{7940ACF8-60BA-4213-A7C3-F3B400EE266D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{7940ACF8-60BA-4213-A7C3-F3B400EE266D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7504
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{A88F43D0-B9C8-42F2-B9F3-90902FC0B22B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{A88F43D0-B9C8-42F2-B9F3-90902FC0B22B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{A88F43D0-B9C8-42F2-B9F3-90902FC0B22B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7508
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{E2E2F6CF-9D1A-4004-8999-8AB81010B5AC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{E2E2F6CF-9D1A-4004-8999-8AB81010B5AC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\aaa_Classic_{E2E2F6CF-9D1A-4004-8999-8AB81010B5AC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x750c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Proxy_Automatic_Config_Group.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Proxy_Automatic_Config_Group.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Proxy_Automatic_Config_Group.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7510
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsChangeAccountPicture.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsChangeAccountPicture.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsChangeAccountPicture.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7514
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAppSizesList.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAppSizesList.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAppSizesList.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAutoplayDefaults.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAutoplayDefaults.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupAutoplayDefaults.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x751c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageOverview.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageOverview.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageOverview.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7520
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupDataSenseMainPageSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7524
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessFilterKeys.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessFilterKeys.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessFilterKeys.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7528
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessNarrator.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessNarrator.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessNarrator.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x752c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOSK.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOSK.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOSK.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7530
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOther.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOther.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessOther.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7534
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessStickyKeys.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessStickyKeys.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessStickyKeys.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7538
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessToggleKeys.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessToggleKeys.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupEaseOfAccessToggleKeys.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x753c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupFamilyUsers.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupFamilyUsers.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupFamilyUsers.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7540
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupInputMouse.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupInputMouse.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupInputMouse.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7544
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupLockScreenPreview.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupLockScreenPreview.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupLockScreenPreview.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7548
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupMapsUpdates.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupMapsUpdates.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupMapsUpdates.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x754c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupNotificationsAppList.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupNotificationsAppList.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupNotificationsAppList.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7550
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemDeviceEncryption.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemDeviceEncryption.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemDeviceEncryption.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7554
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemSupportInfo.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemSupportInfo.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemSupportInfo.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7558
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemWindowsInfo.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemWindowsInfo.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPCSystemWindowsInfo.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x755c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPen.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPen.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPen.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7560
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPersonalizeColorChoose.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPersonalizeColorChoose.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPersonalizeColorChoose.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7564
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPicturePassword.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPicturePassword.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPicturePassword.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7568
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOff.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOff.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOff.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x756c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOffAoAc.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOffAoAc.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepDisplayOffAoAc.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7570
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepSleep.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepSleep.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPowerAndSleepSleep.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7574
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPrivacyLocationHistory.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPrivacyLocationHistory.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupPrivacyLocationHistory.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7578
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupRegionDateTimeFormats.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupRegionDateTimeFormats.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupRegionDateTimeFormats.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x757c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupSpeechMicrophone.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupSpeechMicrophone.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupSpeechMicrophone.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupVirtualDesktops.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupVirtualDesktops.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupVirtualDesktops.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7584
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupYourAccount.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupYourAccount.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsGroupYourAccount.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7588
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsManage.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsManage.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsManage.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x758c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsPicture.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsPicture.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsPicture.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsSync.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsSync.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsSync.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsUsers.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsUsers.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAccountsUsers.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageActivate.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageActivate.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageActivate.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x759c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaults.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaults.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaults.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsFileExtensionView.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsFileExtensionView.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsFileExtensionView.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsProtocolView.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsProtocolView.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsDefaultsProtocolView.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsNotifications.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsNotifications.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageAppsNotifications.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBackground.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBackground.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBackground.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBatterySaver.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBatterySaver.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageBatterySaver.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageColors.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageColors.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageColors.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDataSenseOverview.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDataSenseOverview.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDataSenseOverview.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPen.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPen.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPen.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPrinters.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPrinters.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageDevicesPrinters.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessClosedCaptioning.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessClosedCaptioning.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessClosedCaptioning.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessHighContrast.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessHighContrast.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessHighContrast.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessKeyboard.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessKeyboard.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessKeyboard.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMagnifier.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMagnifier.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMagnifier.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMoreOptions.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMoreOptions.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMoreOptions.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMouse.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMouse.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessMouse.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessNarrator.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessNarrator.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageEaseOfAccessNarrator.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen-2.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen-2.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen-2.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageLockScreen.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMaps.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMaps.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMaps.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMultiTasking.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMultiTasking.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageMultiTasking.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkAirplaneMode.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkAirplaneMode.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkAirplaneMode.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDialup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDialup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDialup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDirectAccess.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDirectAccess.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkDirectAccess.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkEthernet.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkEthernet.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkEthernet.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7600
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileBroadband.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileBroadband.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileBroadband.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7604
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileHotspot.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileHotspot.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkMobileHotspot.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7608
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkProxy.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkProxy.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkProxy.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x760c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkVPN.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkVPN.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkVPN.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7610
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWiFi.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWiFi.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWiFi.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7614
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWorkplace.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWorkplace.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageNetworkWorkplace.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7618
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemAutoPlay.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemAutoPlay.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemAutoPlay.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x761c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemBluetooth.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemBluetooth.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemBluetooth.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDevices.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDevices.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDevices.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDeviceSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDeviceSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDeviceSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDisplay.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDisplay.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemDisplay.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x762c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemInfo.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemInfo.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemInfo.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7630
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemShellMode.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemShellMode.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePCSystemShellMode.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7634
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyAccountInfo.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyAccountInfo.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyAccountInfo.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7638
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCalendar.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCalendar.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCalendar.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x763c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyContacts.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyContacts.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyContacts.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7640
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCustomPeripherals.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCustomPeripherals.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyCustomPeripherals.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7644
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyGeneral.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyGeneral.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyGeneral.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyLocation.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyLocation.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyLocation.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x764c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMessaging.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMessaging.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMessaging.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7650
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMicrophone.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMicrophone.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMicrophone.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7654
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMotionData.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMotionData.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyMotionData.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7658
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyPersonalization.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyPersonalization.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyPersonalization.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x765c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyRadios.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyRadios.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyRadios.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7660
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacySIUFSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacySIUFSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacySIUFSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7664
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyWebcam.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyWebcam.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPagePrivacyWebcam.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7668
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreDeveloperOptions.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreDeveloperOptions.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreDeveloperOptions.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x766c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreMusUpdate.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreMusUpdate.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreMusUpdate.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7670
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreOneBackup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreOneBackup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreOneBackup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7674
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreRestore.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreRestore.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageRestoreRestore.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7678
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageScreenPowerAndSleep.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageScreenPowerAndSleep.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageScreenPowerAndSleep.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x767c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageSpeech.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageSpeech.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageSpeech.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7680
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStart.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStart.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStart.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7684
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseSaveLocations.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseSaveLocations.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseSaveLocations.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7688
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseStorageOverview.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseStorageOverview.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageStorageSenseStorageOverview.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x768c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageThemes.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageThemes.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageThemes.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7690
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionDateTime.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionDateTime.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionDateTime.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7694
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionLanguage.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionLanguage.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionLanguage.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7698
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionSpelling.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionSpelling.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageTimeRegionSpelling.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x769c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsDefender.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsDefender.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsDefender.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsServerDefender.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsServerDefender.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SettingsPageWindowsServerDefender.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeveloperModeGroup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeveloperModeGroup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeveloperModeGroup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeviceDiscoveryGroup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeviceDiscoveryGroup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_Settings_DeviceDiscoveryGroup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_CursorThickness.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_CursorThickness.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_CursorThickness.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsAnimationsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsAnimationsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsAnimationsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsMouseKeysEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsMouseKeysEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsMouseKeysEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsOverlappedContentEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsOverlappedContentEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_IsOverlappedContentEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsAutoStartEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsAutoStartEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsAutoStartEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowInsertPointEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowInsertPointEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowInsertPointEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowKeyFocusEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowKeyFocusEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsFollowKeyFocusEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsInversionColorEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsInversionColorEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Magnifier_IsInversionColorEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorColor.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorColor.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorColor.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorSize.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorSize.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_MouseCursorSize.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsAutoStartEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsAutoStartEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsAutoStartEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsDuckAudioEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsDuckAudioEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsDuckAudioEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoCharacterEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoCharacterEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoCharacterEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoWordEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoWordEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEchoWordEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFastKeyEntryEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFastKeyEntryEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFastKeyEntryEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFollowInsertionEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFollowInsertionEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsFollowInsertionEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsHighlightCursorEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsHighlightCursorEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsHighlightCursorEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsPlayAudioCuesEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsPlayAudioCuesEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsPlayAudioCuesEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsReadHintsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsReadHintsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_IsReadHintsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7700
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechPitch.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechPitch.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechPitch.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechSpeed.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechSpeed.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechSpeed.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7708
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechVoices.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechVoices.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_Narrator_SpeechVoices.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x770c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_NotificationDuration.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_NotificationDuration.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Accessibility_NotificationDuration.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Autoplay_IsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Autoplay_IsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Autoplay_IsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_OverrideControl.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_OverrideControl.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_OverrideControl.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink-2.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink-2.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink-2.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x771c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_SettingsLink.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7720
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink-2.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink-2.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink-2.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7724
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_BatterySaver_LandingPage_UsageDetailsLink.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7728
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DataSense_ConfigureSetLimitButton.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DataSense_ConfigureSetLimitButton.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DataSense_ConfigureSetLimitButton.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x772c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_CountryRegion.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_CountryRegion.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_CountryRegion.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsAutomaticDSTAdjustEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsAutomaticDSTAdjustEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsAutomaticDSTAdjustEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7734
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsTimeSetAutomaticallyEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsTimeSetAutomaticallyEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_IsTimeSetAutomaticallyEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7738
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_Set.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_Set.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_Set.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x773c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_SetFormats.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_SetFormats.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_SetFormats.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7740
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_TimezoneInfo.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_TimezoneInfo.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DateTime_TimezoneInfo.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7744
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Audio.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Audio.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Audio.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7748
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Browser.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Browser.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Browser.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x774c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Calendar.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Calendar.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Calendar.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7750
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Email.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Email.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Email.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Map.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Map.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Map.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7758
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Photos.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Photos.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Photos.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x775c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Video.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Video.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_DefaultApps_Video.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7760
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnablePixie.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnablePixie.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnablePixie.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7764
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnableRipple.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnableRipple.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_EnableRipple.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7768
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_SetHandedness.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_SetHandedness.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Devices_Pen_SetHandedness.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x776c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Device_Add.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Device_Add.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Device_Add.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7770
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_AdvancedSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_AdvancedSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_AdvancedSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_DPI_Override.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_DPI_Override.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_DPI_Override.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7778
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Duplicate.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Duplicate.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Duplicate.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x777c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IdentifyDetectWireless.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IdentifyDetectWireless.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IdentifyDetectWireless.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7780
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsAutoBrightnessEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsAutoBrightnessEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsAutoBrightnessEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7784
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsRotationLocked.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsRotationLocked.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_IsRotationLocked.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_MainMonitor.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_MainMonitor.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_MainMonitor.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x778c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Monitors.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Monitors.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Monitors.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Orientation.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Orientation.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Display_Orientation.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7794
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetButtonConfiguration.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetButtonConfiguration.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetButtonConfiguration.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7798
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetScrollPage.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetScrollPage.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Mouse_SetScrollPage.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x779c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_CursorSpeed.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_CursorSpeed.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_CursorSpeed.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableEdgeGesture.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableEdgeGesture.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableEdgeGesture.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableTouchPad.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableTouchPad.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableTouchPad.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedback.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedback.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedback.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedbackPM.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedbackPM.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_EnableVisualFeedbackPM.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_FourFingerTapEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_FourFingerTapEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_FourFingerTapEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_LeaveOnWithMouse.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_LeaveOnWithMouse.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_LeaveOnWithMouse.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_PanEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_PanEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_PanEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_RightClickZoneEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_RightClickZoneEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_RightClickZoneEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetActivationTimeout.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetActivationTimeout.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetActivationTimeout.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetScrollDirection.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetScrollDirection.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_SetScrollDirection.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapAndDrag.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapAndDrag.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapAndDrag.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapsEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapsEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TapsEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerSlideEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerSlideEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerSlideEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerTapEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerTapEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ThreeFingerTapEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TwoFingerTapEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TwoFingerTapEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_TwoFingerTapEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ZoomEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ZoomEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Input_Touch_ZoomEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoCorrectionEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoCorrectionEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoCorrectionEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoShiftEngageEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoShiftEngageEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsAutoShiftEngageEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsCompatibilityKeyboardEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsCompatibilityKeyboardEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsCompatibilityKeyboardEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsDoubleTapSpaceEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsDoubleTapSpaceEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsDoubleTapSpaceEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsKeyAudioFeedbackEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsKeyAudioFeedbackEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsKeyAudioFeedbackEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsPredictionSpaceInsertionEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsPredictionSpaceInsertionEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsPredictionSpaceInsertionEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsShiftLockEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsShiftLockEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsShiftLockEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x77fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsSpellcheckingEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsSpellcheckingEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsSpellcheckingEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2094
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsTextPredictionEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsTextPredictionEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Keyboard_IsTextPredictionEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Add_Profile.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Add_Profile.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Add_Profile.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x298
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Installed_Profiles_Collection.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Installed_Profiles_Collection.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Installed_Profiles_Collection.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Personal_Data_Control.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Personal_Data_Control.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Personal_Data_Control.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7804
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Web_Content_Control.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Web_Content_Control.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Language_Web_Content_Control.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7808
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_DeleteAll.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_DeleteAll.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_DeleteAll.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x780c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_Download_Add_Package.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_Download_Add_Package.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Maps_Download_Add_Package.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7810
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_ResetYourPC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_ResetYourPC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_ResetYourPC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7814
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_PreviewBuild.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_PreviewBuild.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_PreviewBuild.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7818
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows7.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows7.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows7.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x781c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8_1.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8_1.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Misc_RollbackYourPC_Windows8_1.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7824
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_AeroSnapEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_AeroSnapEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_AeroSnapEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7828
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapAssistEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapAssistEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapAssistEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x782c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapFillEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapFillEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MultiTasking_SnapFillEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7830
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_AdvancedSettingsLink.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_AdvancedSettingsLink.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_AdvancedSettingsLink.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7834
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_UpdateActionButton.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_UpdateActionButton.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_MusUpdate_UpdateActionButton.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7838
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_PinnedQuickActions.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_PinnedQuickActions.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_PinnedQuickActions.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x783c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SelectIconsToAppearOnTaskbar.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SelectIconsToAppearOnTaskbar.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SelectIconsToAppearOnTaskbar.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7840
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_ShowAppNotifications.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_ShowAppNotifications.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_ShowAppNotifications.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7844
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SoftLandingEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SoftLandingEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SoftLandingEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7848
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SystemIcons.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SystemIcons.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Notifications_SystemIcons.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x784c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ActivateWindowsLicense.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ActivateWindowsLicense.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ActivateWindowsLicense.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7850
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_GetPCName.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_GetPCName.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_GetPCName.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7854
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_InstalledRamStatus.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_InstalledRamStatus.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_InstalledRamStatus.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7858
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinCloudDomain.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinCloudDomain.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinCloudDomain.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x785c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinDomain.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinDomain.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_JoinDomain.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7860
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_LeaveOrganization.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_LeaveOrganization.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_LeaveOrganization.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7864
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_PenAndTouchStatus.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_PenAndTouchStatus.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_PenAndTouchStatus.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7868
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProcessorStatus.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProcessorStatus.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProcessorStatus.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x786c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProductIdStatus.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProductIdStatus.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_ProductIdStatus.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7870
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_RenamePC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_RenamePC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_RenamePC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7874
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_SystemTypeStatus.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_SystemTypeStatus.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PCSystem_SystemTypeStatus.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7878
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseBackground.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseBackground.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseBackground.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x787c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseFit.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseFit.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Background_ChooseFit.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7880
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_ColorPrevalence.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_ColorPrevalence.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_ColorPrevalence.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7884
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_EnableTransparency.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_EnableTransparency.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_Color_EnableTransparency.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7888
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsBadge.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsBadge.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsBadge.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x788c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsTile.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsTile.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenAppsTile.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7890
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenBackground.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenBackground.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenBackground.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7894
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenChooseBackgroundType.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenChooseBackgroundType.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenChooseBackgroundType.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7898
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Personalize_LockScreenSlideshowSource_CloudBrandName.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x789c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC_AoAc.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC_AoAc.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutAC_AoAc.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC_AoAc.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC_AoAc.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_DisplayOffTimeoutDC_AoAc.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutAC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutAC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutAC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutDC.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutDC.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_PowerAndSleep_SleepTimeoutDC.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_AdvertisingIdEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_AdvertisingIdEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_AdvertisingIdEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_EnableCollectionOfUrlsAppsUse.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_EnableCollectionOfUrlsAppsUse.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_EnableCollectionOfUrlsAppsUse.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_OpenPrivacyStatementLink.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_OpenPrivacyStatementLink.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Privacy_OpenPrivacyStatementLink.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticConfigScript.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticConfigScript.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticConfigScript.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticDetection.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticDetection.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_AutomaticDetection.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_ManualProxyAddress.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_ManualProxyAddress.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Proxy_ManualProxyAddress.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_DeviceList.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_DeviceList.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_DeviceList.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_IsAirplaneModeEnabled.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_IsAirplaneModeEnabled.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Radio_IsAirplaneModeEnabled.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_ModeChangeConfig.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_ModeChangeConfig.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_ModeChangeConfig.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Preference.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Preference.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Preference.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_TaskbarAppsVisibility.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_TaskbarAppsVisibility.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_TaskbarAppsVisibility.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_ShellMode_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Startup_AdvancedStartup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Startup_AdvancedStartup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Startup_AdvancedStartup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_LinkToPlacesPage.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_LinkToPlacesPage.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_LinkToPlacesPage.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowRecentlyAddedAppsGroup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowRecentlyAddedAppsGroup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowRecentlyAddedAppsGroup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowSuggestedAppsGroup.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowSuggestedAppsGroup.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_ShowSuggestedAppsGroup.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_Size.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_Size.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_Size.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreMFUApps.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreMFUApps.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreMFUApps.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x78fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreRecentlyOpenedItems.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreRecentlyOpenedItems.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Start_StoreRecentlyOpenedItems.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7900
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-2.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-2.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-2.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7904
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-3.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-3.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink-3.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7908
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_StorageSense_AppSizesOptionalComponentsLink.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x790c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncAccessibility_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncAccessibility_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncAccessibility_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncBrowserSettings_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncBrowserSettings_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncBrowserSettings_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncCredentials_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncCredentials_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncCredentials_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncLanguage_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncLanguage_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncLanguage_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x791c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncMaster_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncMaster_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncMaster_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7920
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncPersonalization_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncPersonalization_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncPersonalization_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7924
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_Windows_Toggle.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_Windows_Toggle.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_Windows_Toggle.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7928
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_AssignedAccess.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_AssignedAccess.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_AssignedAccess.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x792c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_ChangePassword.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_ChangePassword.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_ChangePassword.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_DelayLock.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_DelayLock.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_DelayLock.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7934
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFace.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFace.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFace.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7938
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFingerprint.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFingerprint.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentFingerprint.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x793c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentIris.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentIris.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_EnrollmentIris.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7940
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PicturePassword.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PicturePassword.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PicturePassword.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7944
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PINPassword.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PINPassword.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PINPassword.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7948
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_SingleSignOnAccountList.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_SingleSignOnAccountList.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_SingleSignOnAccountList.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x794c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_AltTabFilter.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_AltTabFilter.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_AltTabFilter.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_TaskbarFilter.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_TaskbarFilter.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_VirtualDesktops_TaskbarFilter.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7954
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_CorpDeviceManagement.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_CorpDeviceManagement.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_CorpDeviceManagement.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7958
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_RelatedSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_RelatedSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Workplace_RelatedSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x795c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AddOrRemovePrograms.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AddOrRemovePrograms.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AddOrRemovePrograms.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7960
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0042AE00-17CC-42EC-B5AD-B8F08A025D71}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0042AE00-17CC-42EC-B5AD-B8F08A025D71}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0042AE00-17CC-42EC-B5AD-B8F08A025D71}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7964
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{01ACC6BC-9A3D-49c5-AC7D-0FB9E026C424}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{01ACC6BC-9A3D-49c5-AC7D-0FB9E026C424}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{01ACC6BC-9A3D-49c5-AC7D-0FB9E026C424}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7968
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{028DE9F5-65F3-4A06-A048-421056F3E421}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{028DE9F5-65F3-4A06-A048-421056F3E421}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{028DE9F5-65F3-4A06-A048-421056F3E421}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x796c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{030C20F0-E20B-417A-B7AD-CEC6EE955CD3}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{030C20F0-E20B-417A-B7AD-CEC6EE955CD3}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{030C20F0-E20B-417A-B7AD-CEC6EE955CD3}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7970
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{059ECE57-19D1-4112-B05C-86F8ED5DA6B0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{059ECE57-19D1-4112-B05C-86F8ED5DA6B0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{059ECE57-19D1-4112-B05C-86F8ED5DA6B0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06628900-13DD-4fc3-A18B-0E9CE7B663ED}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06628900-13DD-4fc3-A18B-0E9CE7B663ED}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06628900-13DD-4fc3-A18B-0E9CE7B663ED}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7978
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06D12455-F35D-44D6-8E00-3F6A360CC030}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06D12455-F35D-44D6-8E00-3F6A360CC030}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06D12455-F35D-44D6-8E00-3F6A360CC030}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x797c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06FF5AE9-8F7C-41AD-B71B-62137DE26715}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06FF5AE9-8F7C-41AD-B71B-62137DE26715}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{06FF5AE9-8F7C-41AD-B71B-62137DE26715}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{082594D9-8481-43F0-AE8F-62EA920A4220}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{082594D9-8481-43F0-AE8F-62EA920A4220}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{082594D9-8481-43F0-AE8F-62EA920A4220}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{083D5202-600A-4f38-981B-2D138FBDC4D1}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{083D5202-600A-4f38-981B-2D138FBDC4D1}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{083D5202-600A-4f38-981B-2D138FBDC4D1}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08D48377-1C06-416D-B382-61E8D5F6CD18}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08D48377-1C06-416D-B382-61E8D5F6CD18}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08D48377-1C06-416D-B382-61E8D5F6CD18}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x798c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08EB53B7-3384-473A-8D2C-6C0E71F3BF34}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08EB53B7-3384-473A-8D2C-6C0E71F3BF34}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{08EB53B7-3384-473A-8D2C-6C0E71F3BF34}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7990
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{09bf6a57-7bf7-4389-8d6f-2bcf6a26bb4e}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{09bf6a57-7bf7-4389-8d6f-2bcf6a26bb4e}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{09bf6a57-7bf7-4389-8d6f-2bcf6a26bb4e}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7994
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0CDC534D-A9FF-450D-91D8-96C341ED44AA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0CDC534D-A9FF-450D-91D8-96C341ED44AA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0CDC534D-A9FF-450D-91D8-96C341ED44AA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7998
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0df44eaa-ff21-4412-828e-260a8728e7f1}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0df44eaa-ff21-4412-828e-260a8728e7f1}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0df44eaa-ff21-4412-828e-260a8728e7f1}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x799c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0DF721FA-F921-4416-A491-1924F212C705}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0DF721FA-F921-4416-A491-1924F212C705}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0DF721FA-F921-4416-A491-1924F212C705}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0e1d43a6-f261-491c-84ea-8bfcc6a4b70b}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0e1d43a6-f261-491c-84ea-8bfcc6a4b70b}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0e1d43a6-f261-491c-84ea-8bfcc6a4b70b}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0F1B68F6-B72D-4229-BC9C-A87F0B16B17B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0F1B68F6-B72D-4229-BC9C-A87F0B16B17B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{0F1B68F6-B72D-4229-BC9C-A87F0B16B17B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1011988D-12F9-446b-85FF-A1579CCD1678}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1011988D-12F9-446b-85FF-A1579CCD1678}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1011988D-12F9-446b-85FF-A1579CCD1678}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{10cbe5dd-9921-4090-b412-361339a230ad}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{10cbe5dd-9921-4090-b412-361339a230ad}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{10cbe5dd-9921-4090-b412-361339a230ad}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11135AE0-7372-4f85-8D1B-93D6EFBE5A99}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11135AE0-7372-4f85-8D1B-93D6EFBE5A99}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11135AE0-7372-4f85-8D1B-93D6EFBE5A99}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11E71674-7556-4E27-8D59-03B2FA846204}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11E71674-7556-4E27-8D59-03B2FA846204}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{11E71674-7556-4E27-8D59-03B2FA846204}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1206f5f1-0569-412c-8fec-3204630dfb70}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1206f5f1-0569-412c-8fec-3204630dfb70}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1206f5f1-0569-412c-8fec-3204630dfb70}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{12BBBD91-8E16-4C3F-9715-16E5C8299244}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{12BBBD91-8E16-4C3F-9715-16E5C8299244}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{12BBBD91-8E16-4C3F-9715-16E5C8299244}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{141D98AD-3E07-4C44-A578-4DCA078286A4}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{141D98AD-3E07-4C44-A578-4DCA078286A4}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{141D98AD-3E07-4C44-A578-4DCA078286A4}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{14DEC75C-D6CE-44A9-8349-AD0F46EF96BE}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{14DEC75C-D6CE-44A9-8349-AD0F46EF96BE}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{14DEC75C-D6CE-44A9-8349-AD0F46EF96BE}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1515BA81-68EB-4143-A29F-51A40A65DAE6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1515BA81-68EB-4143-A29F-51A40A65DAE6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1515BA81-68EB-4143-A29F-51A40A65DAE6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{16C327FA-D8A8-41C0-B022-64AC67715327}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{16C327FA-D8A8-41C0-B022-64AC67715327}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{16C327FA-D8A8-41C0-B022-64AC67715327}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17468BC4-3ACB-4D2A-98C2-B0B7B4EF29E6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17468BC4-3ACB-4D2A-98C2-B0B7B4EF29E6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17468BC4-3ACB-4D2A-98C2-B0B7B4EF29E6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17cd9488-1228-4b2f-88ce-4298e93e0966}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17cd9488-1228-4b2f-88ce-4298e93e0966}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{17cd9488-1228-4b2f-88ce-4298e93e0966}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1845AA13-3644-4FBC-B766-EEEF29683256}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1845AA13-3644-4FBC-B766-EEEF29683256}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1845AA13-3644-4FBC-B766-EEEF29683256}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1928DA28-C5A7-4F13-AF81-8238D57A793F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1928DA28-C5A7-4F13-AF81-8238D57A793F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1928DA28-C5A7-4F13-AF81-8238D57A793F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1a4635ec-181d-45ae-b691-bc75bec02756}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1a4635ec-181d-45ae-b691-bc75bec02756}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1a4635ec-181d-45ae-b691-bc75bec02756}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1A5712E4-AAD7-4717-B22A-CF0B8438E2E6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1A5712E4-AAD7-4717-B22A-CF0B8438E2E6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1A5712E4-AAD7-4717-B22A-CF0B8438E2E6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1BDB99DF-3832-49D6-9AE0-52105DB568DA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1BDB99DF-3832-49D6-9AE0-52105DB568DA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1BDB99DF-3832-49D6-9AE0-52105DB568DA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1DD03EE3-FC46-456A-8632-B0717A9D497D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1DD03EE3-FC46-456A-8632-B0717A9D497D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{1DD03EE3-FC46-456A-8632-B0717A9D497D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{201CEF4B-7444-4B2F-B885-5E8F0AA1D614}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{201CEF4B-7444-4B2F-B885-5E8F0AA1D614}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{201CEF4B-7444-4B2F-B885-5E8F0AA1D614}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{207D6BD2-A09B-406f-8A72-BC90C49FC152}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{207D6BD2-A09B-406f-8A72-BC90C49FC152}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{207D6BD2-A09B-406f-8A72-BC90C49FC152}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{21A5437E-D266-4F56-A146-06744A8BC071}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{21A5437E-D266-4F56-A146-06744A8BC071}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{21A5437E-D266-4F56-A146-06744A8BC071}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x79fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{232A1851-808C-4B44-A92A-38E862989CE5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{232A1851-808C-4B44-A92A-38E862989CE5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{232A1851-808C-4B44-A92A-38E862989CE5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{29B87534-19A8-4A39-AA81-2148E7DE5894}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{29B87534-19A8-4A39-AA81-2148E7DE5894}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{29B87534-19A8-4A39-AA81-2148E7DE5894}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2B6FE85A-C7AA-440F-B9A3-3F5EDCA3F6C2}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2B6FE85A-C7AA-440F-B9A3-3F5EDCA3F6C2}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2B6FE85A-C7AA-440F-B9A3-3F5EDCA3F6C2}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{30137454-0E1F-43bb-9CB8-AEF452964B0B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{30137454-0E1F-43bb-9CB8-AEF452964B0B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{30137454-0E1F-43bb-9CB8-AEF452964B0B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{31DD3DA1-ED44-4BA8-A67B-6EA93DEA77E7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{31DD3DA1-ED44-4BA8-A67B-6EA93DEA77E7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{31DD3DA1-ED44-4BA8-A67B-6EA93DEA77E7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33843DB0-24E7-4682-A019-5393D7F2BFFA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33843DB0-24E7-4682-A019-5393D7F2BFFA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33843DB0-24E7-4682-A019-5393D7F2BFFA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33F1F9B5-BD94-4D77-96AE-62F10E4A010A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33F1F9B5-BD94-4D77-96AE-62F10E4A010A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{33F1F9B5-BD94-4D77-96AE-62F10E4A010A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36C8B34B-83F9-4704-B817-9AB1A723705A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36C8B34B-83F9-4704-B817-9AB1A723705A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36C8B34B-83F9-4704-B817-9AB1A723705A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36fb1658-3a23-4d62-9bfd-37f4b18a85e9}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36fb1658-3a23-4d62-9bfd-37f4b18a85e9}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{36fb1658-3a23-4d62-9bfd-37f4b18a85e9}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37092408-D49C-451D-B56D-78B243DC475C}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37092408-D49C-451D-B56D-78B243DC475C}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37092408-D49C-451D-B56D-78B243DC475C}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37C361D8-51CD-40fa-A797-8FC1EA28F9F4}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37C361D8-51CD-40fa-A797-8FC1EA28F9F4}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37C361D8-51CD-40fa-A797-8FC1EA28F9F4}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37E2F32E-C821-4094-B429-2B4E8EA810AA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37E2F32E-C821-4094-B429-2B4E8EA810AA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{37E2F32E-C821-4094-B429-2B4E8EA810AA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{38bd6d6e-bf78-4c31-b05a-7447ee37669f}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{38bd6d6e-bf78-4c31-b05a-7447ee37669f}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{38bd6d6e-bf78-4c31-b05a-7447ee37669f}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3911D4F8-AD61-4911-A151-5682C26A7427}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3911D4F8-AD61-4911-A151-5682C26A7427}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3911D4F8-AD61-4911-A151-5682C26A7427}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A100872-EC27-46A5-BBCC-92C90635AE3B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A100872-EC27-46A5-BBCC-92C90635AE3B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A100872-EC27-46A5-BBCC-92C90635AE3B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A4140C8-50D3-44E9-BF50-C878204DE0F5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A4140C8-50D3-44E9-BF50-C878204DE0F5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3A4140C8-50D3-44E9-BF50-C878204DE0F5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3F0AD6DB-3246-48E4-ACD7-696FF62AE68D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3F0AD6DB-3246-48E4-ACD7-696FF62AE68D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{3F0AD6DB-3246-48E4-ACD7-696FF62AE68D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4026492f-2f69-46b8-b9bf-5654fc07e423}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4026492f-2f69-46b8-b9bf-5654fc07e423}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4026492f-2f69-46b8-b9bf-5654fc07e423}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{40419485-c444-4567-851a-2dd7bfa1684d}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{40419485-c444-4567-851a-2dd7bfa1684d}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{40419485-c444-4567-851a-2dd7bfa1684d}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{420C524A-2A76-43F7-B1B2-C3CF736557C7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{420C524A-2A76-43F7-B1B2-C3CF736557C7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{420C524A-2A76-43F7-B1B2-C3CF736557C7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4228F99D-227F-4058-9EA3-BB2B616D7444}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4228F99D-227F-4058-9EA3-BB2B616D7444}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4228F99D-227F-4058-9EA3-BB2B616D7444}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{45FDB5DF-1457-4A41-A824-7AD9C75767BC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{45FDB5DF-1457-4A41-A824-7AD9C75767BC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{45FDB5DF-1457-4A41-A824-7AD9C75767BC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{46E84184-51CC-4A7B-A40A-6D3E86D402DE}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{46E84184-51CC-4A7B-A40A-6D3E86D402DE}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{46E84184-51CC-4A7B-A40A-6D3E86D402DE}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4A2F952E-0618-467F-ADC5-FEBB66AEB82F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4A2F952E-0618-467F-ADC5-FEBB66AEB82F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4A2F952E-0618-467F-ADC5-FEBB66AEB82F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4BCD16D0-BA72-4F0D-88F9-50D912BFA2B2}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4BCD16D0-BA72-4F0D-88F9-50D912BFA2B2}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4BCD16D0-BA72-4F0D-88F9-50D912BFA2B2}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4F9B0706-0A8F-45B0-BFA6-C66CD45246D7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4F9B0706-0A8F-45B0-BFA6-C66CD45246D7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{4F9B0706-0A8F-45B0-BFA6-C66CD45246D7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{50DF4F13-4188-49C3-B2FB-A76404DC0ACF}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{50DF4F13-4188-49C3-B2FB-A76404DC0ACF}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{50DF4F13-4188-49C3-B2FB-A76404DC0ACF}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5163E94E-4C07-420B-B173-320232B8AFB7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5163E94E-4C07-420B-B173-320232B8AFB7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5163E94E-4C07-420B-B173-320232B8AFB7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{53440D79-CD2D-4013-B192-D478AE882E53}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{53440D79-CD2D-4013-B192-D478AE882E53}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{53440D79-CD2D-4013-B192-D478AE882E53}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54692DB7-FC98-4D5E-AC15-CC5095FA5669}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54692DB7-FC98-4D5E-AC15-CC5095FA5669}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54692DB7-FC98-4D5E-AC15-CC5095FA5669}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54D8069E-E75A-4437-B45B-8EB3B8C97434}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54D8069E-E75A-4437-B45B-8EB3B8C97434}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{54D8069E-E75A-4437-B45B-8EB3B8C97434}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5530E8CC-1B9E-4798-A880-BA719ADFBBBD}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5530E8CC-1B9E-4798-A880-BA719ADFBBBD}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5530E8CC-1B9E-4798-A880-BA719ADFBBBD}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{55E51B6E-7D17-4C80-859E-3007A1F2B6AA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{55E51B6E-7D17-4C80-859E-3007A1F2B6AA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{55E51B6E-7D17-4C80-859E-3007A1F2B6AA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{58e3c745-d971-4081-9034-86e34b30836a}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{58e3c745-d971-4081-9034-86e34b30836a}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{58e3c745-d971-4081-9034-86e34b30836a}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5902614C-D9C7-4902-9F7F-BAF85454D0B2}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5902614C-D9C7-4902-9F7F-BAF85454D0B2}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5902614C-D9C7-4902-9F7F-BAF85454D0B2}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5A2C0E5E-5974-4E44-B4C6-AD4C2B6BAF53}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5A2C0E5E-5974-4E44-B4C6-AD4C2B6BAF53}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5A2C0E5E-5974-4E44-B4C6-AD4C2B6BAF53}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5BB16858-F647-465E-BCFD-010EE9DD41B7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5BB16858-F647-465E-BCFD-010EE9DD41B7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5BB16858-F647-465E-BCFD-010EE9DD41B7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D461B44-2753-4DD7-B2C0-BAB71B1F4C1A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D461B44-2753-4DD7-B2C0-BAB71B1F4C1A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D461B44-2753-4DD7-B2C0-BAB71B1F4C1A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D611F64-7985-459B-BDFF-AEC069CB2625}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D611F64-7985-459B-BDFF-AEC069CB2625}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5D611F64-7985-459B-BDFF-AEC069CB2625}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DD91132-02E8-43F6-88BD-E50B7BE2EF29}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DD91132-02E8-43F6-88BD-E50B7BE2EF29}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DD91132-02E8-43F6-88BD-E50B7BE2EF29}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7aa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DE5B491-2CEA-4AD9-824A-982A22C0B64E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DE5B491-2CEA-4AD9-824A-982A22C0B64E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5DE5B491-2CEA-4AD9-824A-982A22C0B64E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7aa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5ea4f148-308c-46d7-98a9-49041b1dd468}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5ea4f148-308c-46d7-98a9-49041b1dd468}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5ea4f148-308c-46d7-98a9-49041b1dd468}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5FFAA809-0961-40CF-90A4-58037867FA50}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5FFAA809-0961-40CF-90A4-58037867FA50}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{5FFAA809-0961-40CF-90A4-58037867FA50}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7aac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60AC7FA0-A928-4D45-B4DD-AC70A6175E67}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60AC7FA0-A928-4D45-B4DD-AC70A6175E67}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60AC7FA0-A928-4D45-B4DD-AC70A6175E67}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ab0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60C811E8-C857-404E-98BB-EE5D83C1DF5A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60C811E8-C857-404E-98BB-EE5D83C1DF5A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{60C811E8-C857-404E-98BB-EE5D83C1DF5A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ab4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{62d8ed13-c9d0-4ce8-a914-47dd628fb1b0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ab8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{638f8e21-e157-40d7-97e0-a0c8e4c4e2b5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{638f8e21-e157-40d7-97e0-a0c8e4c4e2b5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{638f8e21-e157-40d7-97e0-a0c8e4c4e2b5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7abc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{63929D0B-AAAC-4DCA-AE8A-222EC37F7A88}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{63929D0B-AAAC-4DCA-AE8A-222EC37F7A88}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{63929D0B-AAAC-4DCA-AE8A-222EC37F7A88}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ac0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{641102EF-6463-46E9-842D-176013D7ACC8}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{641102EF-6463-46E9-842D-176013D7ACC8}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{641102EF-6463-46E9-842D-176013D7ACC8}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ac4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6775CCA4-CC42-44F7-800C-4E94FF1EA8C0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6775CCA4-CC42-44F7-800C-4E94FF1EA8C0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6775CCA4-CC42-44F7-800C-4E94FF1EA8C0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ac8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{67ca7650-96e6-4fdd-bb43-a8e774f73a57}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{67ca7650-96e6-4fdd-bb43-a8e774f73a57}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{67ca7650-96e6-4fdd-bb43-a8e774f73a57}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7acc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{685e7dc2-db57-4ed0-8b6d-5fe44d78d4f0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{685e7dc2-db57-4ed0-8b6d-5fe44d78d4f0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\classic_{685e7dc2-db57-4ed0-8b6d-5fe44d78d4f0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ad0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{68F4F33C-658C-4278-94C1-22B8E653F3E8}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{68F4F33C-658C-4278-94C1-22B8E653F3E8}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{68F4F33C-658C-4278-94C1-22B8E653F3E8}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ad4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF4-9060-469B-AB2E-948B6B68A883}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF4-9060-469B-AB2E-948B6B68A883}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF4-9060-469B-AB2E-948B6B68A883}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ad8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF5-9060-469B-AB2E-948B6B68A883}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF5-9060-469B-AB2E-948B6B68A883}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{693E4EF5-9060-469B-AB2E-948B6B68A883}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7adc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6A10BC7B-2586-4B57-A5AA-C14BDE743DC4}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6A10BC7B-2586-4B57-A5AA-C14BDE743DC4}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6A10BC7B-2586-4B57-A5AA-C14BDE743DC4}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ae0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6AE88B06-50B2-46B0-93EA-4B5C73D3A0B5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6AE88B06-50B2-46B0-93EA-4B5C73D3A0B5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6AE88B06-50B2-46B0-93EA-4B5C73D3A0B5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ae4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CA1F1CE-1FED-4D96-A82E-08CEDB139AA3}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CA1F1CE-1FED-4D96-A82E-08CEDB139AA3}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CA1F1CE-1FED-4D96-A82E-08CEDB139AA3}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ae8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CBA2898-2EFE-4604-9933-F1F64DAE2A32}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CBA2898-2EFE-4604-9933-F1F64DAE2A32}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6CBA2898-2EFE-4604-9933-F1F64DAE2A32}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7aec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7af0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{71D0780F-10D2-459C-983B-94A642161220}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{71D0780F-10D2-459C-983B-94A642161220}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{71D0780F-10D2-459C-983B-94A642161220}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7af4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{725be8f7-668e-4c7b-8f90-46bdb0936430}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{725be8f7-668e-4c7b-8f90-46bdb0936430}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{725be8f7-668e-4c7b-8f90-46bdb0936430}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7af8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{73C9C58C-2E01-4F68-B1B9-7A4DD2EF71F7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{73C9C58C-2E01-4F68-B1B9-7A4DD2EF71F7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{73C9C58C-2E01-4F68-B1B9-7A4DD2EF71F7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7afc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7429F4F9-AE58-401a-82AD-723F3C6BDDD6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7429F4F9-AE58-401a-82AD-723F3C6BDDD6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7429F4F9-AE58-401a-82AD-723F3C6BDDD6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{75AC9145-7EC9-4883-82A7-AD3429020AA0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{75AC9145-7EC9-4883-82A7-AD3429020AA0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{75AC9145-7EC9-4883-82A7-AD3429020AA0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{76F31A78-3FDA-4F80-B015-95CFD81463AD}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{76F31A78-3FDA-4F80-B015-95CFD81463AD}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{76F31A78-3FDA-4F80-B015-95CFD81463AD}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7a4d0c5d-51ad-443e-87c7-66b757586c56}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7a4d0c5d-51ad-443e-87c7-66b757586c56}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7a4d0c5d-51ad-443e-87c7-66b757586c56}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7ABBE8E6-757F-419A-B2E0-07D5694F8E0F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7ABBE8E6-757F-419A-B2E0-07D5694F8E0F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7ABBE8E6-757F-419A-B2E0-07D5694F8E0F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7B086E4E-366C-454A-85CC-B8B533482B10}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7B086E4E-366C-454A-85CC-B8B533482B10}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7B086E4E-366C-454A-85CC-B8B533482B10}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7C3E0552-96E2-4069-AC1C-208C146683CA}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7C3E0552-96E2-4069-AC1C-208C146683CA}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7C3E0552-96E2-4069-AC1C-208C146683CA}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7D13A5DB-6081-48BD-8EA3-A9D7FE67A335}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7D13A5DB-6081-48BD-8EA3-A9D7FE67A335}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7D13A5DB-6081-48BD-8EA3-A9D7FE67A335}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7DE6CF7C-B699-421B-A808-139E798E6C64}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7DE6CF7C-B699-421B-A808-139E798E6C64}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7DE6CF7C-B699-421B-A808-139E798E6C64}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7E5BC096-F558-419A-9326-BC6414D592C3}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7E5BC096-F558-419A-9326-BC6414D592C3}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7E5BC096-F558-419A-9326-BC6414D592C3}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7F8B6C83-2A89-47A0-B334-AA58D042CDEC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7F8B6C83-2A89-47A0-B334-AA58D042CDEC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{7F8B6C83-2A89-47A0-B334-AA58D042CDEC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8050502B-9B94-408C-BF49-D2D8887C1BCF}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8050502B-9B94-408C-BF49-D2D8887C1BCF}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8050502B-9B94-408C-BF49-D2D8887C1BCF}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{80f3f1d5-feca-45f3-bc32-752c152e456e}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{80f3f1d5-feca-45f3-bc32-752c152e456e}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{80f3f1d5-feca-45f3-bc32-752c152e456e}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{821FB666-D307-4865-86BB-68725A30999C}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{821FB666-D307-4865-86BB-68725A30999C}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{821FB666-D307-4865-86BB-68725A30999C}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{84C9670E-825D-4128-B173-2963886C5A3E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{84C9670E-825D-4128-B173-2963886C5A3E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{84C9670E-825D-4128-B173-2963886C5A3E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8562B9B8-812D-420C-9189-DC216D788A49}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8562B9B8-812D-420C-9189-DC216D788A49}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8562B9B8-812D-420C-9189-DC216D788A49}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{875FE7D6-5BDF-496F-B349-91E5E3625B86}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{875FE7D6-5BDF-496F-B349-91E5E3625B86}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{875FE7D6-5BDF-496F-B349-91E5E3625B86}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8774b87d-a2b4-49a0-8237-bfefd00646c2}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8774b87d-a2b4-49a0-8237-bfefd00646c2}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8774b87d-a2b4-49a0-8237-bfefd00646c2}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87842A7E-D784-458d-BEF4-CFDC632DCF3E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87842A7E-D784-458d-BEF4-CFDC632DCF3E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87842A7E-D784-458d-BEF4-CFDC632DCF3E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87d66a43-7b11-4a28-9811-c86ee395acf7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87d66a43-7b11-4a28-9811-c86ee395acf7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{87d66a43-7b11-4a28-9811-c86ee395acf7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{886EDAFC-1051-483F-8AE2-904087A7E580}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{886EDAFC-1051-483F-8AE2-904087A7E580}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{886EDAFC-1051-483F-8AE2-904087A7E580}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{88C9D04D-39DD-41EE-A63B-23218D69717F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{88C9D04D-39DD-41EE-A63B-23218D69717F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{88C9D04D-39DD-41EE-A63B-23218D69717F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8902C92D-5AB7-433B-9065-3F55F8334E29}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8902C92D-5AB7-433B-9065-3F55F8334E29}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8902C92D-5AB7-433B-9065-3F55F8334E29}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{895607E0-D0F9-48bd-B19E-96FBE9BBDCF9}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{895607E0-D0F9-48bd-B19E-96FBE9BBDCF9}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{895607E0-D0F9-48bd-B19E-96FBE9BBDCF9}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{89A2270D-DF2E-4172-8BA5-159D6AD00C15}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{89A2270D-DF2E-4172-8BA5-159D6AD00C15}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{89A2270D-DF2E-4172-8BA5-159D6AD00C15}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8bb27ec5-5cb3-4781-baee-3439df4806e4}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8bb27ec5-5cb3-4781-baee-3439df4806e4}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8bb27ec5-5cb3-4781-baee-3439df4806e4}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8D58F804-9520-4208-A527-7C2B6CB77B33}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8D58F804-9520-4208-A527-7C2B6CB77B33}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8D58F804-9520-4208-A527-7C2B6CB77B33}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E0C279D-0BD1-43C3-9EBD-31C3DC5B8A77}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E0C279D-0BD1-43C3-9EBD-31C3DC5B8A77}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E0C279D-0BD1-43C3-9EBD-31C3DC5B8A77}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E21794E-9303-44C5-A493-C3DC53C0E463}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E21794E-9303-44C5-A493-C3DC53C0E463}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8E21794E-9303-44C5-A493-C3DC53C0E463}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8e908fc9-becc-40f6-915b-f4ca0e70d03d}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8e908fc9-becc-40f6-915b-f4ca0e70d03d}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{8e908fc9-becc-40f6-915b-f4ca0e70d03d}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{906435EC-336D-4B77-BCD6-397DE8318852}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{906435EC-336D-4B77-BCD6-397DE8318852}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{906435EC-336D-4B77-BCD6-397DE8318852}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{907F262A-012A-4F6A-94C9-F479F3E6EE16}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{907F262A-012A-4F6A-94C9-F479F3E6EE16}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{907F262A-012A-4F6A-94C9-F479F3E6EE16}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{90ab71ce-bab6-4ca2-84fe-629338405756}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{90ab71ce-bab6-4ca2-84fe-629338405756}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{90ab71ce-bab6-4ca2-84fe-629338405756}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{91BA8E01-F854-4418-A108-E63323DDAE60}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{91BA8E01-F854-4418-A108-E63323DDAE60}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{91BA8E01-F854-4418-A108-E63323DDAE60}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9389633E-8BCB-4448-93CD-EBFFA0759257}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9389633E-8BCB-4448-93CD-EBFFA0759257}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9389633E-8BCB-4448-93CD-EBFFA0759257}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9430DB91-B966-4971-A955-E3DBA1F889E7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9430DB91-B966-4971-A955-E3DBA1F889E7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9430DB91-B966-4971-A955-E3DBA1F889E7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{944A41B9-C0FD-41AE-A6DF-5AC4FE5A59B4}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{944A41B9-C0FD-41AE-A6DF-5AC4FE5A59B4}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{944A41B9-C0FD-41AE-A6DF-5AC4FE5A59B4}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{950fd00b-c4a9-4465-852a-b1eb51e2e7f6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{950fd00b-c4a9-4465-852a-b1eb51e2e7f6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{950fd00b-c4a9-4465-852a-b1eb51e2e7f6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{955E7FFD-4DD9-4124-96FC-86C3C653DD33}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{955E7FFD-4DD9-4124-96FC-86C3C653DD33}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{955E7FFD-4DD9-4124-96FC-86C3C653DD33}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96BC4455-FDA3-4DE2-8B71-9D1953F0B32D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96BC4455-FDA3-4DE2-8B71-9D1953F0B32D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96BC4455-FDA3-4DE2-8B71-9D1953F0B32D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96DF8B78-8299-4BC1-B56B-6C375FBEC228}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96DF8B78-8299-4BC1-B56B-6C375FBEC228}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{96DF8B78-8299-4BC1-B56B-6C375FBEC228}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ba0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9891D47B-7E37-4265-BAD2-1FA991543B90}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9891D47B-7E37-4265-BAD2-1FA991543B90}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9891D47B-7E37-4265-BAD2-1FA991543B90}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ba4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{98CCA0B9-CF6C-4FFD-98E1-87BFEDDD4D21}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{98CCA0B9-CF6C-4FFD-98E1-87BFEDDD4D21}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{98CCA0B9-CF6C-4FFD-98E1-87BFEDDD4D21}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ba8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9B802EF5-59B7-4974-9022-06DC2A9B1677}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9B802EF5-59B7-4974-9022-06DC2A9B1677}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9B802EF5-59B7-4974-9022-06DC2A9B1677}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9BA8A9A5-F1C1-4F09-AE9A-EFEAA5961BE3}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9BA8A9A5-F1C1-4F09-AE9A-EFEAA5961BE3}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9BA8A9A5-F1C1-4F09-AE9A-EFEAA5961BE3}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9C39057F-5CE5-4BAB-BE61-2957A12EEC52}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9C39057F-5CE5-4BAB-BE61-2957A12EEC52}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9C39057F-5CE5-4BAB-BE61-2957A12EEC52}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c60de1e-e5fc-40f4-a487-460851a8d915}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c60de1e-e5fc-40f4-a487-460851a8d915}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c60de1e-e5fc-40f4-a487-460851a8d915}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9c73f5e5-7ae7-4e32-a8e8-8d23b85255bf}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9EF86966-2F35-49BE-A9F6-398E0B844411}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9EF86966-2F35-49BE-A9F6-398E0B844411}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9EF86966-2F35-49BE-A9F6-398E0B844411}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9fe63afd-59cf-4419-9775-abcc3849f861}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9fe63afd-59cf-4419-9775-abcc3849f861}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{9fe63afd-59cf-4419-9775-abcc3849f861}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a0275511-0e86-4eca-97c2-ecd8f1221d08}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a0275511-0e86-4eca-97c2-ecd8f1221d08}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a0275511-0e86-4eca-97c2-ecd8f1221d08}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A10DFF38-B2D2-44AC-952B-A2B5DC5D0C9F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A10DFF38-B2D2-44AC-952B-A2B5DC5D0C9F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A10DFF38-B2D2-44AC-952B-A2B5DC5D0C9F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a3dd4f92-658a-410f-84fd-6fbbbef2fffe}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A42E8D99-83E6-4D12-B403-F46059D02CF0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A42E8D99-83E6-4D12-B403-F46059D02CF0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A42E8D99-83E6-4D12-B403-F46059D02CF0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A7160DE5-E591-4D98-9BB0-0CAC99D5F2D5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A7160DE5-E591-4D98-9BB0-0CAC99D5F2D5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A7160DE5-E591-4D98-9BB0-0CAC99D5F2D5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A73DCDB5-E233-4FC2-8083-6E431939002A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A73DCDB5-E233-4FC2-8083-6E431939002A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{A73DCDB5-E233-4FC2-8083-6E431939002A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a8a91a66-3a7d-4424-8d24-04e180695c7a}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a8a91a66-3a7d-4424-8d24-04e180695c7a}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{a8a91a66-3a7d-4424-8d24-04e180695c7a}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7be0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AA9D2032-E8FB-4f8c-99C9-09F539AEBD59}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AA9D2032-E8FB-4f8c-99C9-09F539AEBD59}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AA9D2032-E8FB-4f8c-99C9-09F539AEBD59}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7be4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AACA901F-E74F-4894-B074-F55059532853}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AACA901F-E74F-4894-B074-F55059532853}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AACA901F-E74F-4894-B074-F55059532853}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7be8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AAF384A9-978C-41B6-B394-0C40C2EAAA4B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AAF384A9-978C-41B6-B394-0C40C2EAAA4B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AAF384A9-978C-41B6-B394-0C40C2EAAA4B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ABB4509D-9043-4EF2-8796-E4646ECF951D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ABB4509D-9043-4EF2-8796-E4646ECF951D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ABB4509D-9043-4EF2-8796-E4646ECF951D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AF3BA0EC-B240-401E-B4EE-3E89F275205B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AF3BA0EC-B240-401E-B4EE-3E89F275205B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{AF3BA0EC-B240-401E-B4EE-3E89F275205B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B0B4886C-4B31-4824-ADCD-0DAF5C8BAFF6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B0B4886C-4B31-4824-ADCD-0DAF5C8BAFF6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B0B4886C-4B31-4824-ADCD-0DAF5C8BAFF6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1207959-FFBF-4417-A6B1-4BF0EDA51F5A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1207959-FFBF-4417-A6B1-4BF0EDA51F5A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1207959-FFBF-4417-A6B1-4BF0EDA51F5A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B123B0AB-2E4E-4325-804A-32F99784DA0B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B123B0AB-2E4E-4325-804A-32F99784DA0B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B123B0AB-2E4E-4325-804A-32F99784DA0B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1FE5142-DEDD-409B-BCC8-547EC08DE84E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1FE5142-DEDD-409B-BCC8-547EC08DE84E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B1FE5142-DEDD-409B-BCC8-547EC08DE84E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{b2c761c6-29bc-4f19-9251-e6195265baf1}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{b2c761c6-29bc-4f19-9251-e6195265baf1}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{b2c761c6-29bc-4f19-9251-e6195265baf1}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B3C577FA-7C51-4259-A1C4-088BD0B0932E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B3C577FA-7C51-4259-A1C4-088BD0B0932E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B3C577FA-7C51-4259-A1C4-088BD0B0932E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B6B2793F-F4B9-49FD-B578-212C3C020892}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B6B2793F-F4B9-49FD-B578-212C3C020892}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B6B2793F-F4B9-49FD-B578-212C3C020892}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B7622F10-9A47-4BF2-B6EF-2C20B4510254}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B7622F10-9A47-4BF2-B6EF-2C20B4510254}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B7622F10-9A47-4BF2-B6EF-2C20B4510254}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B896819B-CF73-4da0-8F59-6E744A6BCD5F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B896819B-CF73-4da0-8F59-6E744A6BCD5F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B896819B-CF73-4da0-8F59-6E744A6BCD5F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B935C3B6-969C-4FC2-B96C-7F06794471AF}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B935C3B6-969C-4FC2-B96C-7F06794471AF}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B935C3B6-969C-4FC2-B96C-7F06794471AF}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B98AD935-426A-482B-9383-ED7D8BB99A6F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B98AD935-426A-482B-9383-ED7D8BB99A6F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{B98AD935-426A-482B-9383-ED7D8BB99A6F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BABB24A6-0242-4AE5-BD83-C5816526F63D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BABB24A6-0242-4AE5-BD83-C5816526F63D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BABB24A6-0242-4AE5-BD83-C5816526F63D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb06c0e4-d293-4f75-8a90-cb05b6477eee}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb06c0e4-d293-4f75-8a90-cb05b6477eee}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb06c0e4-d293-4f75-8a90-cb05b6477eee}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bb64f8a7-bee7-4e1a-ab8d-7d8273f7fdb6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BD256B65-94BE-4194-84BF-41D50D0EF26E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BD256B65-94BE-4194-84BF-41D50D0EF26E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BD256B65-94BE-4194-84BF-41D50D0EF26E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bd84b380-8ca2-1069-ab1d-08000948f534}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bd84b380-8ca2-1069-ab1d-08000948f534}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bd84b380-8ca2-1069-ab1d-08000948f534}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{be122a0e-4503-11da-8bde-f66bad1e3f3a}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{be122a0e-4503-11da-8bde-f66bad1e3f3a}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{be122a0e-4503-11da-8bde-f66bad1e3f3a}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BEC9E135-14C1-4e00-B5C8-899F26833A5A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BEC9E135-14C1-4e00-B5C8-899F26833A5A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{BEC9E135-14C1-4e00-B5C8-899F26833A5A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bf782cc9-5a52-4a17-806c-2a894ffeeac5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bf782cc9-5a52-4a17-806c-2a894ffeeac5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{bf782cc9-5a52-4a17-806c-2a894ffeeac5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C16A18A2-DC4F-4B7D-92F1-14C430AD17DC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C16A18A2-DC4F-4B7D-92F1-14C430AD17DC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C16A18A2-DC4F-4B7D-92F1-14C430AD17DC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3915CF9-A3D9-4EFD-B209-62C05793EE0F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3915CF9-A3D9-4EFD-B209-62C05793EE0F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3915CF9-A3D9-4EFD-B209-62C05793EE0F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3F521C1-249F-48FD-9D9D-731EA4568776}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3F521C1-249F-48FD-9D9D-731EA4568776}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C3F521C1-249F-48FD-9D9D-731EA4568776}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5361E07-6AA3-4453-81BC-93E8F85EABED}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5361E07-6AA3-4453-81BC-93E8F85EABED}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5361E07-6AA3-4453-81BC-93E8F85EABED}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c555438b-3c23-4769-a71f-b6d3d9b6053a}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c555438b-3c23-4769-a71f-b6d3d9b6053a}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c555438b-3c23-4769-a71f-b6d3d9b6053a}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c58c4893-3be0-4b45-abb5-a63e4b8c8651}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c58c4893-3be0-4b45-abb5-a63e4b8c8651}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{c58c4893-3be0-4b45-abb5-a63e4b8c8651}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5AE651D-D027-4D11-8125-595B9933C78B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5AE651D-D027-4D11-8125-595B9933C78B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C5AE651D-D027-4D11-8125-595B9933C78B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C7C81DAD-835C-45B0-9632-60F3EB5D55AC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C7C81DAD-835C-45B0-9632-60F3EB5D55AC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C7C81DAD-835C-45B0-9632-60F3EB5D55AC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C86B1923-8E1F-414B-83DB-94B09BA73E15}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C86B1923-8E1F-414B-83DB-94B09BA73E15}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{C86B1923-8E1F-414B-83DB-94B09BA73E15}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD2A5953-36A2-427D-B762-3610F37A5D89}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD2A5953-36A2-427D-B762-3610F37A5D89}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD2A5953-36A2-427D-B762-3610F37A5D89}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD95D0E3-6B3A-495B-9FDA-57FAD586304D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD95D0E3-6B3A-495B-9FDA-57FAD586304D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CD95D0E3-6B3A-495B-9FDA-57FAD586304D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CE4F7091-EEC0-400E-A019-38503D525293}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CE4F7091-EEC0-400E-A019-38503D525293}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CE4F7091-EEC0-400E-A019-38503D525293}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CF081448-68EC-4969-9F8B-BB23B329B712}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CF081448-68EC-4969-9F8B-BB23B329B712}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{CF081448-68EC-4969-9F8B-BB23B329B712}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d17d1d6d-cc3f-4815-8fe3-607e7d5d10b3}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D1AF7F5F-18C1-4143-81E5-EDAF02255883}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D1AF7F5F-18C1-4143-81E5-EDAF02255883}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D1AF7F5F-18C1-4143-81E5-EDAF02255883}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d20ea4e1-3957-11d2-a40b-0c5020524153}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d20ea4e1-3957-11d2-a40b-0c5020524153}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d20ea4e1-3957-11d2-a40b-0c5020524153}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D4690CFE-6A59-4BAB-BFF7-9ED0D083E798}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D4690CFE-6A59-4BAB-BFF7-9ED0D083E798}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D4690CFE-6A59-4BAB-BFF7-9ED0D083E798}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d555645e-d4f8-4c29-a827-d93c859c4f2a}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d555645e-d4f8-4c29-a827-d93c859c4f2a}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d555645e-d4f8-4c29-a827-d93c859c4f2a}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5BAC999-E706-4311-9DB0-86E117B1FD25}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5BAC999-E706-4311-9DB0-86E117B1FD25}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5BAC999-E706-4311-9DB0-86E117B1FD25}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5D5B38A-0FD8-43B6-8C7D-372D84BD357D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5D5B38A-0FD8-43B6-8C7D-372D84BD357D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D5D5B38A-0FD8-43B6-8C7D-372D84BD357D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D652F9E4-08FD-4A24-8EAC-05715188233E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D652F9E4-08FD-4A24-8EAC-05715188233E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D652F9E4-08FD-4A24-8EAC-05715188233E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D679D992-D843-4D3C-BFEA-5EDF4D37EE9F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D679D992-D843-4D3C-BFEA-5EDF4D37EE9F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D679D992-D843-4D3C-BFEA-5EDF4D37EE9F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D825FEC7-DA3D-456A-BEF2-20F07BA0449E}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D825FEC7-DA3D-456A-BEF2-20F07BA0449E}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D825FEC7-DA3D-456A-BEF2-20F07BA0449E}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ca0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D995F7E9-727D-4AD6-83F3-A4A753965A8F}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D995F7E9-727D-4AD6-83F3-A4A753965A8F}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{D995F7E9-727D-4AD6-83F3-A4A753965A8F}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ca4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d9ef8727-cac2-4e60-809e-86f80a666c91}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d9ef8727-cac2-4e60-809e-86f80a666c91}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{d9ef8727-cac2-4e60-809e-86f80a666c91}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ca8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{da9f1e02-aa94-40bf-b3cd-030231a10acc}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{da9f1e02-aa94-40bf-b3cd-030231a10acc}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{da9f1e02-aa94-40bf-b3cd-030231a10acc}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DAF32862-EF3D-4D61-AB92-47AEB51DDC80}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DAF32862-EF3D-4D61-AB92-47AEB51DDC80}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DAF32862-EF3D-4D61-AB92-47AEB51DDC80}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DD338333-7000-45CC-A84D-64680D6E683D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DD338333-7000-45CC-A84D-64680D6E683D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DD338333-7000-45CC-A84D-64680D6E683D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DDF23EF5-6677-42C1-92CB-29BDCB7375B8}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DDF23EF5-6677-42C1-92CB-29BDCB7375B8}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DDF23EF5-6677-42C1-92CB-29BDCB7375B8}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DF7B19EF-DEA5-47D7-BBA5-9FCBE400A59D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DF7B19EF-DEA5-47D7-BBA5-9FCBE400A59D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{DF7B19EF-DEA5-47D7-BBA5-9FCBE400A59D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E00117F3-53BA-4E06-B9BF-B8E22A1469E6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E00117F3-53BA-4E06-B9BF-B8E22A1469E6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E00117F3-53BA-4E06-B9BF-B8E22A1469E6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E07F215A-6022-40E0-A109-17078992E5F9}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E07F215A-6022-40E0-A109-17078992E5F9}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E07F215A-6022-40E0-A109-17078992E5F9}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E2394C16-F45A-496F-83CC-49E163281662}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E2394C16-F45A-496F-83CC-49E163281662}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E2394C16-F45A-496F-83CC-49E163281662}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e2e7934b-dce5-43c4-9576-7fe4f75e7480}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e2e7934b-dce5-43c4-9576-7fe4f75e7480}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e2e7934b-dce5-43c4-9576-7fe4f75e7480}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ccc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E4B554C8-B067-4540-A478-0565BB1F76B9}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E4B554C8-B067-4540-A478-0565BB1F76B9}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E4B554C8-B067-4540-A478-0565BB1F76B9}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E6243488-3449-4D4D-98AA-FFC14E3FF0F8}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E6243488-3449-4D4D-98AA-FFC14E3FF0F8}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E6243488-3449-4D4D-98AA-FFC14E3FF0F8}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E79BCB1B-EEB7-4180-98FD-BD47F6DCFF79}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E79BCB1B-EEB7-4180-98FD-BD47F6DCFF79}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E79BCB1B-EEB7-4180-98FD-BD47F6DCFF79}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e9950154-c418-419e-a90a-20c5287ae24b}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e9950154-c418-419e-a90a-20c5287ae24b}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{e9950154-c418-419e-a90a-20c5287ae24b}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E9C71548-B580-43B2-ACDB-1BA924002754}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E9C71548-B580-43B2-ACDB-1BA924002754}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{E9C71548-B580-43B2-ACDB-1BA924002754}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ce0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EBEC2956-F512-474D-8631-9E753CC40653}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EBEC2956-F512-474D-8631-9E753CC40653}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EBEC2956-F512-474D-8631-9E753CC40653}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ce4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ecdb0924-4208-451e-8ee0-373c0956de16}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ecdb0924-4208-451e-8ee0-373c0956de16}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ecdb0924-4208-451e-8ee0-373c0956de16}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7ce8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ED0FF627-BFD1-4F68-9A74-974E73F41A3A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ED0FF627-BFD1-4F68-9A74-974E73F41A3A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ED0FF627-BFD1-4F68-9A74-974E73F41A3A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{ed834ed6-4b5a-4bfe-8f11-a626dcb6a921}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE423D17-7ED8-4B33-9555-C23DEEAFB4B6}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE423D17-7ED8-4B33-9555-C23DEEAFB4B6}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE423D17-7ED8-4B33-9555-C23DEEAFB4B6}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE439E7E-CE1E-4ABE-9EA8-50F12ED01FE0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE439E7E-CE1E-4ABE-9EA8-50F12ED01FE0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EE439E7E-CE1E-4ABE-9EA8-50F12ED01FE0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF462183-352B-4DCF-811C-07FA7CFCD5AC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF462183-352B-4DCF-811C-07FA7CFCD5AC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF462183-352B-4DCF-811C-07FA7CFCD5AC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF8F379B-747B-4C8E-B3D1-4A29E6CF45AE}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF8F379B-747B-4C8E-B3D1-4A29E6CF45AE}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EF8F379B-747B-4C8E-B3D1-4A29E6CF45AE}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EFACECBA-BCCD-468B-BAB3-7CA40A898982}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EFACECBA-BCCD-468B-BAB3-7CA40A898982}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{EFACECBA-BCCD-468B-BAB3-7CA40A898982}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F025B6FD-D1CA-4a32-9BEB-DBEF1D2F6926}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F025B6FD-D1CA-4a32-9BEB-DBEF1D2F6926}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F025B6FD-D1CA-4a32-9BEB-DBEF1D2F6926}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F0E02D62-6C1D-4eb3-AC47-F8401425C6BC}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F0E02D62-6C1D-4eb3-AC47-F8401425C6BC}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F0E02D62-6C1D-4eb3-AC47-F8401425C6BC}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F120B10E-C882-4613-955F-B4DF13C6E803}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F120B10E-C882-4613-955F-B4DF13C6E803}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F120B10E-C882-4613-955F-B4DF13C6E803}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f2ddfc82-8f12-4cdd-b7dc-d4fe1425aa4d}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F2E71049-6F88-4A3B-9475-5A2B40B36092}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F2E71049-6F88-4A3B-9475-5A2B40B36092}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F2E71049-6F88-4A3B-9475-5A2B40B36092}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F3FD1F8E-B34A-49AE-95B9-5DBEAB5BFB49}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F3FD1F8E-B34A-49AE-95B9-5DBEAB5BFB49}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F3FD1F8E-B34A-49AE-95B9-5DBEAB5BFB49}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f56fbb39-e6d9-4b6d-9c29-ae82cff2925f}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f56fbb39-e6d9-4b6d-9c29-ae82cff2925f}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f56fbb39-e6d9-4b6d-9c29-ae82cff2925f}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f6b6e965-e9b2-444b-9286-10c9152edbc5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f6b6e965-e9b2-444b-9286-10c9152edbc5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f6b6e965-e9b2-444b-9286-10c9152edbc5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f82df8f7-8b9f-442e-a48c-818ea735ff9b}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f82df8f7-8b9f-442e-a48c-818ea735ff9b}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{f82df8f7-8b9f-442e-a48c-818ea735ff9b}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F96E2F30-2018-4F0E-BBEE-7CCBEE8CE714}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F96E2F30-2018-4F0E-BBEE-7CCBEE8CE714}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{F96E2F30-2018-4F0E-BBEE-7CCBEE8CE714}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FADA4BFB-4853-4547-B70F-1B565E7D907B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FADA4BFB-4853-4547-B70F-1B565E7D907B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FADA4BFB-4853-4547-B70F-1B565E7D907B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FD4FB8FA-F752-4E78-933B-8969E18BC9B5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FD4FB8FA-F752-4E78-933B-8969E18BC9B5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FD4FB8FA-F752-4E78-933B-8969E18BC9B5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FE777427-D33C-485B-A414-3BD5A2943162}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FE777427-D33C-485B-A414-3BD5A2943162}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FE777427-D33C-485B-A414-3BD5A2943162}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEBB9292-6110-4B9E-8565-91C4076E0A43}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEBB9292-6110-4B9E-8565-91C4076E0A43}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEBB9292-6110-4B9E-8565-91C4076E0A43}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEFF8F5D-EB40-485d-AC2A-EB7942DDF624}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEFF8F5D-EB40-485d-AC2A-EB7942DDF624}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FEFF8F5D-EB40-485d-AC2A-EB7942DDF624}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FFA33B6C-DC4D-438C-893F-EBF44A09BFC0}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FFA33B6C-DC4D-438C-893F-EBF44A09BFC0}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\Classic_{FFA33B6C-DC4D-438C-893F-EBF44A09BFC0}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\ControlPanel.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\CortanaSettings.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\CortanaSettings.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\CortanaSettings.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_0_FlashPlayerCPLApp.cpl.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_0_FlashPlayerCPLApp.cpl.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_0_FlashPlayerCPLApp.cpl.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{025A5937-A6BE-4686-A844-36FE4BEC8B6D}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{025A5937-A6BE-4686-A844-36FE4BEC8B6D}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{025A5937-A6BE-4686-A844-36FE4BEC8B6D}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{60632754-c523-4b62-b45c-4172da012619}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{60632754-c523-4b62-b45c-4172da012619}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{60632754-c523-4b62-b45c-4172da012619}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{6C8EEC18-8D75-41B2-A177-8831D59D2D50}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{6C8EEC18-8D75-41B2-A177-8831D59D2D50}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{6C8EEC18-8D75-41B2-A177-8831D59D2D50}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{7b81be6a-ce2b-4676-a29e-eb907a5126c5}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{7b81be6a-ce2b-4676-a29e-eb907a5126c5}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{7b81be6a-ce2b-4676-a29e-eb907a5126c5}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{96AE8D84-A250-4520-95A5-A47A7E3C548B}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{96AE8D84-A250-4520-95A5-A47A7E3C548B}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{96AE8D84-A250-4520-95A5-A47A7E3C548B}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{F942C606-0914-47AB-BE56-1321B8035096}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{F942C606-0914-47AB-BE56-1321B8035096}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\NameSpace_Classic_{F942C606-0914-47AB-BE56-1321B8035096}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\SettingsPane_{4B719A8A-CE18-4033-BE59-1083B40F25B7}.settingcontent-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\SettingsPane_{4B719A8A-CE18-4033-BE59-1083B40F25B7}.settingcontent-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\SettingsPane_{4B719A8A-CE18-4033-BE59-1083B40F25B7}.settingcontent-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d74
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7d7c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7d84
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7d8c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7d94
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7d9c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7da4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7dac
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x7db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Process #2: sihost.exe
86
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:04, Reason: Injection |
| Unmonitor | End Time: 00:01:18, Reason: Crashed |
| Monitor Duration | 00:00:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x704 |
| Parent PID | 0x324 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1A4
0x
968
0x
950
0x
490
0x
46C
0x
7CC
0x
7C8
0x
7BC
0x
7B0
0x
7AC
0x
774
0x
770
0x
76C
0x
708
0x
F30
0x
F90
0x
C38
0x
C34
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f0d0000 | 0x1e5f0d0000 | 0x1e5f0dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001e5f0e0000 | 0x1e5f0e0000 | 0x1e5f0e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f0f0000 | 0x1e5f0f0000 | 0x1e5f103fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f110000 | 0x1e5f110000 | 0x1e5f18ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f190000 | 0x1e5f190000 | 0x1e5f193fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f1a0000 | 0x1e5f1a0000 | 0x1e5f1a1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1e5f1b0000 | 0x1e5f26dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e5f270000 | 0x1e5f270000 | 0x1e5f2effff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f2f0000 | 0x1e5f2f0000 | 0x1e5f2f6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f300000 | 0x1e5f300000 | 0x1e5f300fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f310000 | 0x1e5f310000 | 0x1e5f310fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f320000 | 0x1e5f320000 | 0x1e5f320fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f330000 | 0x1e5f330000 | 0x1e5f330fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f340000 | 0x1e5f340000 | 0x1e5f43ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f440000 | 0x1e5f440000 | 0x1e5f53ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f540000 | 0x1e5f540000 | 0x1e5f54ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f550000 | 0x1e5f550000 | 0x1e5f6d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f6e0000 | 0x1e5f6e0000 | 0x1e5f860fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f870000 | 0x1e5f870000 | 0x1e60c6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x1e60c70000 | 0x1e60fa6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e60fb0000 | 0x1e60fb0000 | 0x1e6102ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61030000 | 0x1e61030000 | 0x1e610affff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e610b0000 | 0x1e610b0000 | 0x1e6112ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61130000 | 0x1e61130000 | 0x1e611affff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e611b0000 | 0x1e611b0000 | 0x1e6122ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61230000 | 0x1e61230000 | 0x1e612affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e612b0000 | 0x1e612b0000 | 0x1e612d9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001e612f0000 | 0x1e612f0000 | 0x1e612fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61300000 | 0x1e61300000 | 0x1e613fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61400000 | 0x1e61400000 | 0x1e61bfffff | Private Memory | - |
|
|
|
- |
| private_0x0000001e61c00000 | 0x1e61c00000 | 0x1e61c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61c80000 | 0x1e61c80000 | 0x1e61cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61d00000 | 0x1e61d00000 | 0x1e61d7ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x1e61d80000 | 0x1e61e5efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e61e60000 | 0x1e61e60000 | 0x1e61edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61ee0000 | 0x1e61ee0000 | 0x1e61f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61f60000 | 0x1e61f60000 | 0x1e61fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61fe0000 | 0x1e61fe0000 | 0x1e6205ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e62060000 | 0x1e62060000 | 0x1e620dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e620e0000 | 0x1e620e0000 | 0x1e621dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff450000 | 0x7df5ff450000 | 0x7ff5ff44ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff7050ac000 | 0x7ff7050ac000 | 0x7ff7050adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050ae000 | 0x7ff7050ae000 | 0x7ff7050affff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b0000 | 0x7ff7050b0000 | 0x7ff7050b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b2000 | 0x7ff7050b2000 | 0x7ff7050b3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b4000 | 0x7ff7050b4000 | 0x7ff7050b5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b6000 | 0x7ff7050b6000 | 0x7ff7050b7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b8000 | 0x7ff7050b8000 | 0x7ff7050b9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050ba000 | 0x7ff7050ba000 | 0x7ff7050bbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050bc000 | 0x7ff7050bc000 | 0x7ff7050bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050be000 | 0x7ff7050be000 | 0x7ff7050bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff7050c0000 | 0x7ff7050c0000 | 0x7ff7051bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7051c0000 | 0x7ff7051c0000 | 0x7ff7051e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7051e3000 | 0x7ff7051e3000 | 0x7ff7051e4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e5000 | 0x7ff7051e5000 | 0x7ff7051e5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e6000 | 0x7ff7051e6000 | 0x7ff7051e7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e8000 | 0x7ff7051e8000 | 0x7ff7051e9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ea000 | 0x7ff7051ea000 | 0x7ff7051ebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ec000 | 0x7ff7051ec000 | 0x7ff7051edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ee000 | 0x7ff7051ee000 | 0x7ff7051effff | Private Memory | rw |
|
|
|
- |
| sihost.exe | 0x7ff705a50000 | 0x7ff705a65fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff7503c0000 | 0x7ff7503c0000 | 0x7ff750756fff | Private Memory | rwx |
|
|
|
- |
| staterepository.core.dll | 0x7ffc46310000 | 0x7ffc463a8fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.staterepository.dll | 0x7ffc463b0000 | 0x7ffc46641fff | Memory Mapped File | rwx |
|
|
|
- |
| licensemanagerapi.dll | 0x7ffc488a0000 | 0x7ffc488abfff | Memory Mapped File | rwx |
|
|
|
- |
| twinui.appcore.dll | 0x7ffc48970000 | 0x7ffc48b7cfff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelproxy.dll | 0x7ffc48b80000 | 0x7ffc48b94fff | Memory Mapped File | rwx |
|
|
|
- |
| sharehost.dll | 0x7ffc48c80000 | 0x7ffc48d24fff | Memory Mapped File | rwx |
|
|
|
- |
| appcontracts.dll | 0x7ffc48d30000 | 0x7ffc48ddbfff | Memory Mapped File | rwx |
|
|
|
- |
| wpportinglibrary.dll | 0x7ffc48de0000 | 0x7ffc48de8fff | Memory Mapped File | rwx |
|
|
|
- |
| modernexecserver.dll | 0x7ffc48df0000 | 0x7ffc48ec7fff | Memory Mapped File | rwx |
|
|
|
- |
| dsclient.dll | 0x7ffc48ed0000 | 0x7ffc48edbfff | Memory Mapped File | rwx |
|
|
|
- |
| userdatatypehelperutil.dll | 0x7ffc48ee0000 | 0x7ffc48ef0fff | Memory Mapped File | rwx |
|
|
|
- |
| appointmentactivation.dll | 0x7ffc48f00000 | 0x7ffc48f21fff | Memory Mapped File | rwx |
|
|
|
- |
| activationmanager.dll | 0x7ffc48f30000 | 0x7ffc48f8dfff | Memory Mapped File | rwx |
|
|
|
- |
| edputil.dll | 0x7ffc48f90000 | 0x7ffc48fbefff | Memory Mapped File | rwx |
|
|
|
- |
| clipboardserver.dll | 0x7ffc48fc0000 | 0x7ffc48feffff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.shell.servicehostbuilder.dll | 0x7ffc49460000 | 0x7ffc49471fff | Memory Mapped File | rwx |
|
|
|
- |
| desktopshellext.dll | 0x7ffc49480000 | 0x7ffc49496fff | Memory Mapped File | rwx |
|
|
|
- |
| coreuicomponents.dll | 0x7ffc49bb0000 | 0x7ffc49e10fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandbrokerclient.dll | 0x7ffc4b000000 | 0x7ffc4b010fff | Memory Mapped File | rwx |
|
|
|
- |
| notificationplatformcomponent.dll | 0x7ffc4b020000 | 0x7ffc4b02cfff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelclient.dll | 0x7ffc4b030000 | 0x7ffc4b072fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp110_win.dll | 0x7ffc4f8f0000 | 0x7ffc4f981fff | Memory Mapped File | rwx |
|
|
|
- |
| policymanager.dll | 0x7ffc4f990000 | 0x7ffc4f9c8fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| usermgrproxy.dll | 0x7ffc50d40000 | 0x7ffc50d7dfff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| mmdevapi.dll | 0x7ffc51340000 | 0x7ffc513b1fff | Memory Mapped File | rwx |
|
|
|
- |
| usermgrcli.dll | 0x7ffc51410000 | 0x7ffc5141ffff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x7ffc525f0000 | 0x7ffc52611fff | Memory Mapped File | rwx |
|
|
|
- |
| coremessaging.dll | 0x7ffc52730000 | 0x7ffc527f7fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| rmclient.dll | 0x7ffc531b0000 | 0x7ffc531d7fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\users\Public\sys | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
Threads
Thread 0xf30
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #3: taskhostw.exe
88
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:05, Reason: Injection |
| Unmonitor | End Time: 00:04:44, Reason: Crashed |
| Monitor Duration | 00:03:39 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x77c |
| Parent PID | 0x324 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
82C
0x
B7C
0x
AB0
0x
A2C
0x
940
0x
93C
0x
938
0x
934
0x
7B4
0x
780
0x
F74
0x
FD0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000a699760000 | 0xa699760000 | 0xa69976ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a699770000 | 0xa699770000 | 0xa699776fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699780000 | 0xa699780000 | 0xa699793fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a6997a0000 | 0xa6997a0000 | 0xa69981ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699820000 | 0xa699820000 | 0xa699823fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699830000 | 0xa699830000 | 0xa699830fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a699840000 | 0xa699840000 | 0xa699841fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699850000 | 0xa699850000 | 0xa699856fff | Private Memory | rw |
|
|
|
- |
| taskhostw.exe.mui | 0xa699860000 | 0xa699860fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a699870000 | 0xa699870000 | 0xa699870fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699880000 | 0xa699880000 | 0xa699880fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699890000 | 0xa699890000 | 0xa699893fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a6998a0000 | 0xa6998a0000 | 0xa6998a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a6998b0000 | 0xa6998b0000 | 0xa6999affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xa6999b0000 | 0xa699a6dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000a699a70000 | 0xa699a70000 | 0xa699a7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa699a80000 | 0xa699a8ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699a90000 | 0xa699a9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699aa0000 | 0xa699aaffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699ab0000 | 0xa699abffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699ac0000 | 0xa699acffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699ad0000 | 0xa699adffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa699ae0000 | 0xa699aeffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a699af0000 | 0xa699af0000 | 0xa699b6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699b70000 | 0xa699b70000 | 0xa699c27fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a699c30000 | 0xa699c30000 | 0xa699c3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699c40000 | 0xa699c40000 | 0xa699c40fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699c50000 | 0xa699c50000 | 0xa699c50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a699c60000 | 0xa699c60000 | 0xa699c60fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699c70000 | 0xa699c70000 | 0xa699c7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699c80000 | 0xa699c80000 | 0xa699e07fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699e10000 | 0xa699e10000 | 0xa699f90fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699fa0000 | 0xa699fa0000 | 0xa69b39ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a69b3a0000 | 0xa69b3a0000 | 0xa69b41ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b420000 | 0xa69b420000 | 0xa69b420fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b430000 | 0xa69b430000 | 0xa69b43ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b440000 | 0xa69b440000 | 0xa69b44ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b450000 | 0xa69b450000 | 0xa69b45ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b460000 | 0xa69b460000 | 0xa69b46ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b470000 | 0xa69b470000 | 0xa69b47ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b480000 | 0xa69b480000 | 0xa69b48ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69b490000 | 0xa69b490000 | 0xa69b497fff | Private Memory | rw |
|
|
|
- |
| winmm.dll.mui | 0xa69b4a0000 | 0xa69b4a5fff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4b0000 | 0xa69b4bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4c0000 | 0xa69b4cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4d0000 | 0xa69b4dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4e0000 | 0xa69b4effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4f0000 | 0xa69b4fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b500000 | 0xa69b50ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b510000 | 0xa69b51ffff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0xa69b520000 | 0xa69b856fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a69b860000 | 0xa69b860000 | 0xa69b8dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b8e0000 | 0xa69b8e0000 | 0xa69b95ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b960000 | 0xa69b960000 | 0xa69ba5ffff | Private Memory | rw |
|
|
|
- |
| msctfmonitor.dll.mui | 0xa69ba60000 | 0xa69ba60fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a69ba70000 | 0xa69ba70000 | 0xa69baeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69baf0000 | 0xa69baf0000 | 0xa69baf0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69bb00000 | 0xa69bb00000 | 0xa69bb06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb10000 | 0xa69bb10000 | 0xa69bb1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb20000 | 0xa69bb20000 | 0xa69bb2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb30000 | 0xa69bb30000 | 0xa69bb3ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb40000 | 0xa69bb40000 | 0xa69bb4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb50000 | 0xa69bb50000 | 0xa69bb5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb60000 | 0xa69bb60000 | 0xa69bb6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69bb70000 | 0xa69bb70000 | 0xa69cb6ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb70000 | 0xa69cb70000 | 0xa69cb70fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb80000 | 0xa69cb80000 | 0xa69cb80fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb90000 | 0xa69cb90000 | 0xa69cb93fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cba0000 | 0xa69cba0000 | 0xa69cba1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cbb0000 | 0xa69cbb0000 | 0xa69cbb0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cbc0000 | 0xa69cbc0000 | 0xa69cc4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cc50000 | 0xa69cc50000 | 0xa6a0c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a0c50000 | 0xa6a0c50000 | 0xa6a4c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a4c50000 | 0xa6a4c50000 | 0xa6a4c57fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4c60000 | 0xa6a4c6ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c70000 | 0xa6a4c7ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c80000 | 0xa6a4c8ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c90000 | 0xa6a4c9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ca0000 | 0xa6a4caffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cb0000 | 0xa6a4cbffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cc0000 | 0xa6a4ccffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cd0000 | 0xa6a4cdffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ce0000 | 0xa6a4ceffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cf0000 | 0xa6a4cfffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d00000 | 0xa6a4d0ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d10000 | 0xa6a4d1ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d20000 | 0xa6a4d2ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d30000 | 0xa6a4d3ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d40000 | 0xa6a4d4ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d50000 | 0xa6a4d5ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4d60000 | 0xa6a4d60000 | 0xa6a4ddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a4de0000 | 0xa6a4de0000 | 0xa6a4de7fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4df0000 | 0xa6a4dfffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e00000 | 0xa6a4e0ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e10000 | 0xa6a4e1ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e20000 | 0xa6a4e2ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e30000 | 0xa6a4e3ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e40000 | 0xa6a4e4ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4e50000 | 0xa6a4e50000 | 0xa6a4e57fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4e60000 | 0xa6a4e6ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e70000 | 0xa6a4e7ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000a6a4e80000 | 0xa6a4e80000 | 0xa6a4e8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4e90000 | 0xa6a4e9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ea0000 | 0xa6a4eaffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4eb0000 | 0xa6a4ebffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ec0000 | 0xa6a4ecffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ed0000 | 0xa6a4edffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4ee0000 | 0xa6a4ee0000 | 0xa6a4f5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a6a4f60000 | 0xa6a4f60000 | 0xa6a4f6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4f70000 | 0xa6a4f7ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4f80000 | 0xa6a4f8ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4f90000 | 0xa6a4f9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4fa0000 | 0xa6a4faffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4fb0000 | 0xa6a4fb0000 | 0xa6a502ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a5030000 | 0xa6a5030000 | 0xa6a50affff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a50b0000 | 0xa6a50b0000 | 0xa6a51affff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a51b0000 | 0xa6a51bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a51c0000 | 0xa6a51cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a51d0000 | 0xa6a51dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a51e0000 | 0xa6a51effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a51f0000 | 0xa6a51fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5200000 | 0xa6a520ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5210000 | 0xa6a521ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5220000 | 0xa6a522ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5230000 | 0xa6a523ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5240000 | 0xa6a524ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5250000 | 0xa6a525ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5260000 | 0xa6a526ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5270000 | 0xa6a527ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5280000 | 0xa6a528ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5290000 | 0xa6a529ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52a0000 | 0xa6a52affff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52b0000 | 0xa6a52bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52c0000 | 0xa6a52cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52d0000 | 0xa6a52dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52e0000 | 0xa6a52effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52f0000 | 0xa6a52fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5300000 | 0xa6a530ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5310000 | 0xa6a531ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5320000 | 0xa6a532ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5330000 | 0xa6a533ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5340000 | 0xa6a534ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a5350000 | 0xa6a5350000 | 0xa6a5357fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a5370000 | 0xa6a537ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffbd0000 | 0x7df5ffbd0000 | 0x7ff5ffbcffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff7503c0000 | 0x7ff7503c0000 | 0x7ff750756fff | Private Memory | rwx |
|
|
|
- |
| private_0x00007ff7cf4d4000 | 0x7ff7cf4d4000 | 0x7ff7cf4d5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cf4d6000 | 0x7ff7cf4d6000 | 0x7ff7cf4d7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cf4d8000 | 0x7ff7cf4d8000 | 0x7ff7cf4d9fff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 59 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Threads
Thread 0xf74
88
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #4: net.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "spooler" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:05, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf78 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F7C
0x
B84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000028d8f50000 | 0x28d8f50000 | 0x28d8f6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000028d8f70000 | 0x28d8f70000 | 0x28d8f83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000028d8f90000 | 0x28d8f90000 | 0x28d900ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000028d9010000 | 0x28d9010000 | 0x28d9013fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000028d9020000 | 0x28d9020000 | 0x28d9020fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000028d9030000 | 0x28d9030000 | 0x28d9031fff | Private Memory | rw |
|
|
|
- |
| private_0x00000028d9040000 | 0x28d9040000 | 0x28d913ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff1d0000 | 0x7df5ff1d0000 | 0x7ff5ff1cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9fa0000 | 0x7ff7c9fa0000 | 0x7ff7c9fc2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9fcd000 | 0x7ff7c9fcd000 | 0x7ff7c9fcefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9fcf000 | 0x7ff7c9fcf000 | 0x7ff7c9fcffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #5: runtimebroker.exe
143
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:07, Reason: Injection |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7f8 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A30
0x
A1C
0x
854
0x
83C
0x
808
0x
11C
0x
FA0
0x
FAC
0x
3E30
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x0000003cd1d40000 | 0x3cd1d40000 | 0x3cd1d4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000003cd1d50000 | 0x3cd1d50000 | 0x3cd1d50fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd1d60000 | 0x3cd1d60000 | 0x3cd1d73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd1d80000 | 0x3cd1d80000 | 0x3cd1dfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd1e00000 | 0x3cd1e00000 | 0x3cd1e03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd1e10000 | 0x3cd1e10000 | 0x3cd1e11fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd1e20000 | 0x3cd1e20000 | 0x3cd1e21fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd1e30000 | 0x3cd1e30000 | 0x3cd1e36fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x3cd1e40000 | 0x3cd1efdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd1f00000 | 0x3cd1f00000 | 0x3cd1ffffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2000000 | 0x3cd2000000 | 0x3cd207ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2080000 | 0x3cd2080000 | 0x3cd20fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2100000 | 0x3cd2100000 | 0x3cd2100fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2110000 | 0x3cd2110000 | 0x3cd2110fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd2120000 | 0x3cd2120000 | 0x3cd219ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd21a0000 | 0x3cd21a0000 | 0x3cd21a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd21b0000 | 0x3cd21b0000 | 0x3cd21d9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd21e0000 | 0x3cd21e0000 | 0x3cd21e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd21f0000 | 0x3cd21f0000 | 0x3cd21f6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2200000 | 0x3cd2200000 | 0x3cd2206fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2210000 | 0x3cd2210000 | 0x3cd228ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2290000 | 0x3cd2290000 | 0x3cd2290fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd22a0000 | 0x3cd22a0000 | 0x3cd22a0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000003cd2300000 | 0x3cd2300000 | 0x3cd23fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2400000 | 0x3cd2400000 | 0x3cd2587fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd2590000 | 0x3cd2590000 | 0x3cd2710fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd2720000 | 0x3cd2720000 | 0x3cd3b1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x3cd3b20000 | 0x3cd3e56fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd3e60000 | 0x3cd3e60000 | 0x3cd3edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3ee0000 | 0x3cd3ee0000 | 0x3cd3f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3f60000 | 0x3cd3f60000 | 0x3cd3fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3fe0000 | 0x3cd3fe0000 | 0x3cd40dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd4100000 | 0x3cd4100000 | 0x3cd41fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffbe0000 | 0x7df5ffbe0000 | 0x7ff5ffbdffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff609b8a000 | 0x7ff609b8a000 | 0x7ff609b8bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b8c000 | 0x7ff609b8c000 | 0x7ff609b8dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b8e000 | 0x7ff609b8e000 | 0x7ff609b8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff609b90000 | 0x7ff609b90000 | 0x7ff609c8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff609c90000 | 0x7ff609c90000 | 0x7ff609cb2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff609cb4000 | 0x7ff609cb4000 | 0x7ff609cb5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cb6000 | 0x7ff609cb6000 | 0x7ff609cb7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cb8000 | 0x7ff609cb8000 | 0x7ff609cb9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cba000 | 0x7ff609cba000 | 0x7ff609cbbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cbc000 | 0x7ff609cbc000 | 0x7ff609cbdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cbe000 | 0x7ff609cbe000 | 0x7ff609cbefff | Private Memory | rw |
|
|
|
- |
| runtimebroker.exe | 0x7ff60a170000 | 0x7ff60a185fff | Memory Mapped File | rwx |
|
|
|
- |
| ntoskrnl.exe | 0x7ff6efa30000 | 0x7ff6f0281fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff7503c0000 | 0x7ff7503c0000 | 0x7ff750756fff | Private Memory | rwx |
|
|
|
- |
| windows.networking.hostname.dll | 0x7ffc42260000 | 0x7ffc42297fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.internal.shell.broker.dll | 0x7ffc44180000 | 0x7ffc44211fff | Memory Mapped File | rwx |
|
|
|
- |
| authbroker.dll | 0x7ffc44ce0000 | 0x7ffc44d05fff | Memory Mapped File | rwx |
|
|
|
- |
| msauserext.dll | 0x7ffc44d10000 | 0x7ffc44d29fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc44de0000 | 0x7ffc44e92fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.networking.connectivity.dll | 0x7ffc469c0000 | 0x7ffc46a6bfff | Memory Mapped File | rwx |
|
|
|
- |
| wwapi.dll | 0x7ffc46cf0000 | 0x7ffc46d05fff | Memory Mapped File | rwx |
|
|
|
- |
| tokenbroker.dll | 0x7ffc486a0000 | 0x7ffc48765fff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelproxy.dll | 0x7ffc48b80000 | 0x7ffc48b94fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelclient.dll | 0x7ffc4b030000 | 0x7ffc4b072fff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| wlanapi.dll | 0x7ffc4b170000 | 0x7ffc4b1cefff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x7ffc4b290000 | 0x7ffc4b536fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| idstore.dll | 0x7ffc4cf00000 | 0x7ffc4cf26fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.ui.immersive.dll | 0x7ffc4dc10000 | 0x7ffc4ddc6fff | Memory Mapped File | rwx |
|
|
|
- |
| mrmcorer.dll | 0x7ffc4f1f0000 | 0x7ffc4f2fefff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x7ffc50bd0000 | 0x7ffc50bebfff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| mmdevapi.dll | 0x7ffc51340000 | 0x7ffc513b1fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| wtsapi32.dll | 0x7ffc52640000 | 0x7ffc52652fff | Memory Mapped File | rwx |
|
|
|
- |
| coremessaging.dll | 0x7ffc52730000 | 0x7ffc527f7fff | Memory Mapped File | rwx |
|
|
|
- |
| sppc.dll | 0x7ffc52bd0000 | 0x7ffc52bf4fff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x7ffc52c00000 | 0x7ffc52c25fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| sxs.dll | 0x7ffc54440000 | 0x7ffc544d7fff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Threads
Thread 0xfa0
143
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 |
Process #7: net.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:07, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb0 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB4
0x
C54
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000f2dc740000 | 0xf2dc740000 | 0xf2dc75ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f2dc740000 | 0xf2dc740000 | 0xf2dc74ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000f2dc750000 | 0xf2dc750000 | 0xf2dc756fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f2dc760000 | 0xf2dc760000 | 0xf2dc773fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f2dc780000 | 0xf2dc780000 | 0xf2dc7fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f2dc800000 | 0xf2dc800000 | 0xf2dc803fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000f2dc810000 | 0xf2dc810000 | 0xf2dc810fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f2dc820000 | 0xf2dc820000 | 0xf2dc821fff | Private Memory | rw |
|
|
|
- |
| private_0x000000f2dc830000 | 0xf2dc830000 | 0xf2dc8affff | Private Memory | rw |
|
|
|
- |
| private_0x000000f2dc8b0000 | 0xf2dc8b0000 | 0xf2dc8b6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000f2dc8c0000 | 0xf2dc8c0000 | 0xf2dc9bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf2dc9c0000 | 0xf2dca7dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f2dcc20000 | 0xf2dcc20000 | 0xf2dcc2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff410000 | 0x7df5ff410000 | 0x7ff5ff40ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7cab00000 | 0x7ff7cab00000 | 0x7ff7cabfffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7cac00000 | 0x7ff7cac00000 | 0x7ff7cac22fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7cac2b000 | 0x7ff7cac2b000 | 0x7ff7cac2cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cac2d000 | 0x7ff7cac2d000 | 0x7ff7cac2efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cac2f000 | 0x7ff7cac2f000 | 0x7ff7cac2ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #9: net.exe
0
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:09, Reason: Child Process |
| Unmonitor | End Time: 00:01:13, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfec |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FF0
0x
4F8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007774680000 | 0x7774680000 | 0x777469ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000077746a0000 | 0x77746a0000 | 0x77746b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000077746c0000 | 0x77746c0000 | 0x777473ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007774740000 | 0x7774740000 | 0x7774743fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007774750000 | 0x7774750000 | 0x7774750fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007774760000 | 0x7774760000 | 0x7774761fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007774930000 | 0x7774930000 | 0x7774a2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2f0000 | 0x7df5ff2f0000 | 0x7ff5ff2effff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca910000 | 0x7ff7ca910000 | 0x7ff7ca932fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca93d000 | 0x7ff7ca93d000 | 0x7ff7ca93dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca93e000 | 0x7ff7ca93e000 | 0x7ff7ca93ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #10: shellexperiencehost.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe |
| Command Line | "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca |
| Initial Working Directory | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:01:09, Reason: Injection |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:35 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x980 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
2E0
0x
53C
0x
7A4
0x
BFC
0x
BF4
0x
BF0
0x
BEC
0x
BE8
0x
BE4
0x
BE0
0x
BDC
0x
BD8
0x
BD4
0x
BD0
0x
BCC
0x
BC8
0x
BC4
0x
BC0
0x
BBC
0x
BB8
0x
BB4
0x
BB0
0x
BA0
0x
B9C
0x
B98
0x
B94
0x
B34
0x
B1C
0x
B0C
0x
9D0
0x
9C8
0x
9C4
0x
9C0
0x
9BC
0x
9B0
0x
9AC
0x
9A8
0x
9A4
0x
9A0
0x
99C
0x
998
0x
994
0x
990
0x
984
0x
408
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000da54c90000 | 0xda54c90000 | 0xda54c9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da54ca0000 | 0xda54ca0000 | 0xda54ca0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54cb0000 | 0xda54cb0000 | 0xda54cc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da54cd0000 | 0xda54cd0000 | 0xda54dcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54dd0000 | 0xda54dd0000 | 0xda54dd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da54de0000 | 0xda54de0000 | 0xda54de1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54df0000 | 0xda54df0000 | 0xda54df0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e00000 | 0xda54e00000 | 0xda54e29fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e30000 | 0xda54e30000 | 0xda54e30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da54e40000 | 0xda54e40000 | 0xda54e40fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e50000 | 0xda54e50000 | 0xda54e50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| 2504515037.pri | 0xda54e60000 | 0xda54e6bfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000da54e70000 | 0xda54e70000 | 0xda54e70fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da54e80000 | 0xda54e80000 | 0xda54e86fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54e90000 | 0xda54e90000 | 0xda54e90fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54ea0000 | 0xda54ea0000 | 0xda54ea0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54eb0000 | 0xda54eb0000 | 0xda54eb0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| resources.en-us.pri | 0xda54ed0000 | 0xda54edcfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000da54ee0000 | 0xda54ee0000 | 0xda54ee1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| windows.ui.xaml.dll.mui | 0xda54ef0000 | 0xda54ef9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da54f00000 | 0xda54f00000 | 0xda54ffffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xda55000000 | 0xda550bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da550c0000 | 0xda550c0000 | 0xda551bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da551c0000 | 0xda551c0000 | 0xda55347fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da55350000 | 0xda55350000 | 0xda5535ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da55360000 | 0xda55360000 | 0xda5536ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da55370000 | 0xda55370000 | 0xda5537ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| tilecache_100_0_header.bin | 0xda55380000 | 0xda55382fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x000000da55390000 | 0xda55390000 | 0xda55390fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da553a0000 | 0xda553a0000 | 0xda553a3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da553b0000 | 0xda553b0000 | 0xda553b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da553c0000 | 0xda553c0000 | 0xda553f1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da55400000 | 0xda55400000 | 0xda554fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da55500000 | 0xda55500000 | 0xda55680fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da55690000 | 0xda55690000 | 0xda56a8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da56a90000 | 0xda56a90000 | 0xda56b8ffff | Private Memory | rw |
|
|
|
- |
| windows.ui.xaml.resources.dll | 0xda56b90000 | 0xda56cc6fff | Memory Mapped File | r |
|
|
|
- |
| kernelbase.dll.mui | 0xda56cd0000 | 0xda56daefff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0xda56db0000 | 0xda570e6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da570f0000 | 0xda570f0000 | 0xda571effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da571f0000 | 0xda571f0000 | 0xda572effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da572f0000 | 0xda572f0000 | 0xda573effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da573f0000 | 0xda573f0000 | 0xda574effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da574f0000 | 0xda574f0000 | 0xda575effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da575f0000 | 0xda575f0000 | 0xda575f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da57600000 | 0xda57600000 | 0xda57603fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da57610000 | 0xda57610000 | 0xda57616fff | Private Memory | rw |
|
|
|
- |
| resources.pri | 0xda57620000 | 0xda576f3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da57700000 | 0xda57700000 | 0xda577fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da57800000 | 0xda57800000 | 0xda57ffffff | Private Memory | - |
|
|
|
- |
| private_0x000000da58000000 | 0xda58000000 | 0xda580fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58100000 | 0xda58100000 | 0xda581fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58200000 | 0xda58200000 | 0xda582fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58300000 | 0xda58300000 | 0xda583fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58400000 | 0xda58400000 | 0xda584fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58500000 | 0xda58500000 | 0xda585fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58600000 | 0xda58600000 | 0xda586fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58700000 | 0xda58700000 | 0xda587fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58800000 | 0xda58800000 | 0xda588fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58900000 | 0xda58900000 | 0xda589fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58b00000 | 0xda58b00000 | 0xda58bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58c00000 | 0xda58c00000 | 0xda58cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58e00000 | 0xda58e00000 | 0xda58efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59100000 | 0xda59100000 | 0xda591fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59200000 | 0xda59200000 | 0xda59200fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59220000 | 0xda59220000 | 0xda59220fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59230000 | 0xda59230000 | 0xda59230fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da59240000 | 0xda59240000 | 0xda59243fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59250000 | 0xda59250000 | 0xda59250fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da59260000 | 0xda59260000 | 0xda59263fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59270000 | 0xda59270000 | 0xda59276fff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0xda59280000 | 0xda592f5fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da59300000 | 0xda59300000 | 0xda593fffff | Private Memory | rw |
|
|
|
- |
| segoeui.ttf | 0xda59400000 | 0xda594defff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da594e0000 | 0xda594e0000 | 0xda594e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da594f0000 | 0xda594f0000 | 0xda594f3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59500000 | 0xda59500000 | 0xda595fffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-fontface.dat | 0xda59600000 | 0xda5a5fffff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat | 0xda5a600000 | 0xda5adfffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da5ae00000 | 0xda5ae00000 | 0xda5aefffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5af00000 | 0xda5af00000 | 0xda5affffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b000000 | 0xda5b000000 | 0xda5b0fffff | Private Memory | rw |
|
|
|
- |
| tilecache_100_0_data.bin | 0xda5b100000 | 0xda5b1fffff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x000000da5b200000 | 0xda5b200000 | 0xda5b4bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da5b4c0000 | 0xda5b4c0000 | 0xda5b5bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b5c0000 | 0xda5b5c0000 | 0xda5b6bffff | Private Memory | rw |
|
|
|
- |
| msxml6r.dll | 0xda5b6c0000 | 0xda5b6c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da5b700000 | 0xda5b700000 | 0xda5b7fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b800000 | 0xda5b800000 | 0xda5b8fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b900000 | 0xda5b900000 | 0xda5b97ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5ba00000 | 0xda5ba00000 | 0xda5bafffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bb00000 | 0xda5bb00000 | 0xda5bbfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bc00000 | 0xda5bc00000 | 0xda5bcfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bd00000 | 0xda5bd00000 | 0xda5bdfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5be00000 | 0xda5be00000 | 0xda5befffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bf00000 | 0xda5bf00000 | 0xda5bffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c000000 | 0xda5c000000 | 0xda5c0fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c100000 | 0xda5c100000 | 0xda5c1fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c200000 | 0xda5c200000 | 0xda5c2fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c300000 | 0xda5c300000 | 0xda5c3fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c400000 | 0xda5c400000 | 0xda5c4fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c500000 | 0xda5c500000 | 0xda5c5fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c600000 | 0xda5c600000 | 0xda5c6fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c700000 | 0xda5c700000 | 0xda5c7fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c800000 | 0xda5c800000 | 0xda5c8fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c900000 | 0xda5c900000 | 0xda5c9fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5ca00000 | 0xda5ca00000 | 0xda5cafffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cb00000 | 0xda5cb00000 | 0xda5cbfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cc00000 | 0xda5cc00000 | 0xda5ccfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cd00000 | 0xda5cd00000 | 0xda5cdfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cf00000 | 0xda5cf00000 | 0xda5cffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d000000 | 0xda5d000000 | 0xda5d0fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d1d0000 | 0xda5d1d0000 | 0xda5d1d6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d200000 | 0xda5d200000 | 0xda5d2fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d300000 | 0xda5d300000 | 0xda5d3fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d400000 | 0xda5d400000 | 0xda5d4fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d500000 | 0xda5d500000 | 0xda5d5fffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eca000 | 0x7ff631eca000 | 0x7ff631ecbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ecc000 | 0x7ff631ecc000 | 0x7ff631ecdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ece000 | 0x7ff631ece000 | 0x7ff631ecffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed2000 | 0x7ff631ed2000 | 0x7ff631ed3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed4000 | 0x7ff631ed4000 | 0x7ff631ed5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed6000 | 0x7ff631ed6000 | 0x7ff631ed7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed8000 | 0x7ff631ed8000 | 0x7ff631ed9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eda000 | 0x7ff631eda000 | 0x7ff631edbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631edc000 | 0x7ff631edc000 | 0x7ff631eddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ede000 | 0x7ff631ede000 | 0x7ff631edffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee0000 | 0x7ff631ee0000 | 0x7ff631ee1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee2000 | 0x7ff631ee2000 | 0x7ff631ee3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee4000 | 0x7ff631ee4000 | 0x7ff631ee5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee6000 | 0x7ff631ee6000 | 0x7ff631ee7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee8000 | 0x7ff631ee8000 | 0x7ff631ee9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eea000 | 0x7ff631eea000 | 0x7ff631eebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eec000 | 0x7ff631eec000 | 0x7ff631eedfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eee000 | 0x7ff631eee000 | 0x7ff631eeffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef0000 | 0x7ff631ef0000 | 0x7ff631ef1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef2000 | 0x7ff631ef2000 | 0x7ff631ef3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef4000 | 0x7ff631ef4000 | 0x7ff631ef5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef6000 | 0x7ff631ef6000 | 0x7ff631ef7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef8000 | 0x7ff631ef8000 | 0x7ff631ef9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631efa000 | 0x7ff631efa000 | 0x7ff631efbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631efc000 | 0x7ff631efc000 | 0x7ff631efdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631efe000 | 0x7ff631efe000 | 0x7ff631efffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f04000 | 0x7ff631f04000 | 0x7ff631f05fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f08000 | 0x7ff631f08000 | 0x7ff631f09fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f0c000 | 0x7ff631f0c000 | 0x7ff631f0dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f0e000 | 0x7ff631f0e000 | 0x7ff631f0ffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f10000 | 0x7ff631f10000 | 0x7ff631f11fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631f12000 | 0x7ff631f12000 | 0x7ff631f13fff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 91 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Process #12: net1.exe
67
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:10, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc58 |
| Parent PID | 0xfb0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C44
0x
CC4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008cfd740000 | 0x8cfd740000 | 0x8cfd75ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008cfd740000 | 0x8cfd740000 | 0x8cfd74ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000008cfd750000 | 0x8cfd750000 | 0x8cfd756fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008cfd760000 | 0x8cfd760000 | 0x8cfd773fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008cfd780000 | 0x8cfd780000 | 0x8cfd7fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008cfd800000 | 0x8cfd800000 | 0x8cfd803fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008cfd810000 | 0x8cfd810000 | 0x8cfd810fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008cfd820000 | 0x8cfd820000 | 0x8cfd821fff | Private Memory | rw |
|
|
|
- |
| private_0x0000008cfd830000 | 0x8cfd830000 | 0x8cfd8affff | Private Memory | rw |
|
|
|
- |
| private_0x0000008cfd8b0000 | 0x8cfd8b0000 | 0x8cfd8b6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x8cfd8c0000 | 0x8cfd8c2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000008cfd8d0000 | 0x8cfd8d0000 | 0x8cfd9cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x8cfd9d0000 | 0x8cfda8dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0x8cfda90000 | 0x8cfdac1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008cfdb20000 | 0x8cfdb20000 | 0x8cfdb2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff320000 | 0x7df5ff320000 | 0x7ff5ff31ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648bf0000 | 0x7ff648bf0000 | 0x7ff648ceffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648cf0000 | 0x7ff648cf0000 | 0x7ff648d12fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648d1a000 | 0x7ff648d1a000 | 0x7ff648d1bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648d1c000 | 0x7ff648d1c000 | 0x7ff648d1dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648d1e000 | 0x7ff648d1e000 | 0x7ff648d1efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xc44
67
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x8cfd8c0000 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 169 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 37 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Get Info | service_name = Audiosrv |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 53 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 54 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 70 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 |
Process #13: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:11, Reason: Child Process |
| Unmonitor | End Time: 00:01:13, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcc8 |
| Parent PID | 0xfec (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CEC
0x
C7C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008c94b80000 | 0x8c94b80000 | 0x8c94b9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008c94b80000 | 0x8c94b80000 | 0x8c94b8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000008c94b90000 | 0x8c94b90000 | 0x8c94b96fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008c94ba0000 | 0x8c94ba0000 | 0x8c94bb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008c94bc0000 | 0x8c94bc0000 | 0x8c94c3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008c94c40000 | 0x8c94c40000 | 0x8c94c43fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008c94c50000 | 0x8c94c50000 | 0x8c94c50fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008c94c60000 | 0x8c94c60000 | 0x8c94c61fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x8c94c70000 | 0x8c94d2dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008c94d30000 | 0x8c94d30000 | 0x8c94d36fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x8c94d40000 | 0x8c94d42fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000008c94d80000 | 0x8c94d80000 | 0x8c94e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008c94e80000 | 0x8c94e80000 | 0x8c94efffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x8c94f00000 | 0x8c94f31fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008c94ff0000 | 0x8c94ff0000 | 0x8c94ffffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff680000 | 0x7df5ff680000 | 0x7ff5ff67ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648cc0000 | 0x7ff648cc0000 | 0x7ff648dbffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648dc0000 | 0x7ff648dc0000 | 0x7ff648de2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648deb000 | 0x7ff648deb000 | 0x7ff648debfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648dec000 | 0x7ff648dec000 | 0x7ff648dedfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648dee000 | 0x7ff648dee000 | 0x7ff648deffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xcec
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x8c94d40000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #14: net1.exe
33
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "spooler" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:11, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcbc |
| Parent PID | 0xf78 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C88
0x
D54
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000079a8260000 | 0x79a8260000 | 0x79a827ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079a8260000 | 0x79a8260000 | 0x79a826ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000079a8270000 | 0x79a8270000 | 0x79a8276fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079a8280000 | 0x79a8280000 | 0x79a8293fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000079a82a0000 | 0x79a82a0000 | 0x79a831ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079a8320000 | 0x79a8320000 | 0x79a8323fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000079a8330000 | 0x79a8330000 | 0x79a8330fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000079a8340000 | 0x79a8340000 | 0x79a8341fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x79a8350000 | 0x79a840dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000079a8410000 | 0x79a8410000 | 0x79a848ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000079a8490000 | 0x79a8490000 | 0x79a8496fff | Private Memory | rw |
|
|
|
- |
| private_0x00000079a84a0000 | 0x79a84a0000 | 0x79a859ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x79a85a0000 | 0x79a85a2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x79a85b0000 | 0x79a85e1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000079a8790000 | 0x79a8790000 | 0x79a879ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff570000 | 0x7df5ff570000 | 0x7ff5ff56ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648910000 | 0x7ff648910000 | 0x7ff648a0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648a10000 | 0x7ff648a10000 | 0x7ff648a32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648a3b000 | 0x7ff648a3b000 | 0x7ff648a3cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648a3d000 | 0x7ff648a3d000 | 0x7ff648a3dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648a3e000 | 0x7ff648a3e000 | 0x7ff648a3ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xc88
33
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x79a85a0000 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 37 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 53 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 |
Process #15: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 1796 -s 744 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:12, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd40 |
| Parent PID | 0x704 (c:\windows\system32\sihost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D38
0x
CF8
0x
BF8
0x
7FC
0x
5B8
0x
728
0x
A58
0x
7C4
0x
248
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000443df80000 | 0x443df80000 | 0x443df9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443df80000 | 0x443df80000 | 0x443df8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000443df90000 | 0x443df90000 | 0x443df96fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443dfa0000 | 0x443dfa0000 | 0x443dfb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000443dfc0000 | 0x443dfc0000 | 0x443e03ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443e040000 | 0x443e040000 | 0x443e043fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e050000 | 0x443e050000 | 0x443e052fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000443e060000 | 0x443e060000 | 0x443e061fff | Private Memory | rw |
|
|
|
- |
| private_0x000000443e070000 | 0x443e070000 | 0x443e076fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x443e080000 | 0x443e083fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000443e090000 | 0x443e090000 | 0x443e09ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000443e0a0000 | 0x443e0a0000 | 0x443e0a0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000443e0b0000 | 0x443e0b0000 | 0x443e0b0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000443e0c0000 | 0x443e0c0000 | 0x443e1bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x443e1c0000 | 0x443e27dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000443e280000 | 0x443e280000 | 0x443e2fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443e300000 | 0x443e300000 | 0x443e300fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000443e310000 | 0x443e310000 | 0x443e310fff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x443e320000 | 0x443e385fff | Memory Mapped File | r |
|
|
|
- |
| faultrep.dll.mui | 0x443e390000 | 0x443e391fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000443e3a0000 | 0x443e3a0000 | 0x443e3a0fff | Private Memory | rw |
|
|
|
- |
| wer.dll.mui | 0x443e3b0000 | 0x443e3b2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000443e3c0000 | 0x443e3c0000 | 0x443e3c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443e3d0000 | 0x443e3d0000 | 0x443e3d1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e3e0000 | 0x443e3e0000 | 0x443e3e1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e3f0000 | 0x443e3f0000 | 0x443e3f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| werui.dll.mui | 0x443e3f0000 | 0x443e3f4fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000443e400000 | 0x443e400000 | 0x443e401fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e410000 | 0x443e410000 | 0x443e410fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e420000 | 0x443e420000 | 0x443e421fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e430000 | 0x443e430000 | 0x443e433fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000443e440000 | 0x443e440000 | 0x443e446fff | Private Memory | rw |
|
|
|
- |
| duser.dll.mui | 0x443e450000 | 0x443e450fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000443e460000 | 0x443e460000 | 0x443e46ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000443e470000 | 0x443e470000 | 0x443e5f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e600000 | 0x443e600000 | 0x443e780fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000443e790000 | 0x443e790000 | 0x443fb8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000443fb90000 | 0x443fb90000 | 0x443fc8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000443fc90000 | 0x443fc90000 | 0x443fd0ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000443fd10000 | 0x443fd10000 | 0x443fd1ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x443fd20000 | 0x4440056fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004440060000 | 0x4440060000 | 0x444015ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004440160000 | 0x4440160000 | 0x444025ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004440260000 | 0x4440260000 | 0x444045ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x4440460000 | 0x444053efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004440540000 | 0x4440540000 | 0x444063ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004440640000 | 0x4440640000 | 0x44406bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000044406c0000 | 0x44406c0000 | 0x444073ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004440740000 | 0x4440740000 | 0x44407bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000044407c0000 | 0x44407c0000 | 0x444083ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004440840000 | 0x4440840000 | 0x44408bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000044408c0000 | 0x44408c0000 | 0x4440977fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007df5ffd10000 | 0x7df5ffd10000 | 0x7ff5ffd0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff73988c000 | 0x7ff73988c000 | 0x7ff73988dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73988e000 | 0x7ff73988e000 | 0x7ff73988ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff739890000 | 0x7ff739890000 | 0x7ff73998ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff739990000 | 0x7ff739990000 | 0x7ff7399b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7399b3000 | 0x7ff7399b3000 | 0x7ff7399b4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399b5000 | 0x7ff7399b5000 | 0x7ff7399b6fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399b7000 | 0x7ff7399b7000 | 0x7ff7399b8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399b9000 | 0x7ff7399b9000 | 0x7ff7399bafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399bb000 | 0x7ff7399bb000 | 0x7ff7399bbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399bc000 | 0x7ff7399bc000 | 0x7ff7399bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7399be000 | 0x7ff7399be000 | 0x7ff7399bffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff739e30000 | 0x7ff739e7afff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e7f0000 | 0x7ffc3eccbfff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3f180000 | 0x7ffc3f32ffff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3fb50000 | 0x7ffc3fbedfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3fe00000 | 0x7ffc3ff89fff | Memory Mapped File | rwx |
|
|
|
- |
| atlthunk.dll | 0x7ffc41be0000 | 0x7ffc41beffff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc46700000 | 0x7ffc46790fff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7ffc46700000 | 0x7ffc4679afff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d0e0000 | 0x7ffc4d153fff | Memory Mapped File | rwx |
|
|
|
- |
| msls31.dll | 0x7ffc4d4a0000 | 0x7ffc4d4d7fff | Memory Mapped File | rwx |
|
|
|
- |
| duser.dll | 0x7ffc4f3a0000 | 0x7ffc4f438fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50dc0000 | 0x7ffc50de4fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc50df0000 | 0x7ffc50e4dfff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7ffc513d0000 | 0x7ffc513e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x7ffc525f0000 | 0x7ffc52611fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #16: searchui.exe
86
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe |
| Command Line | "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:01:13, Reason: Injection |
| Unmonitor | End Time: 00:02:33, Reason: Crashed |
| Monitor Duration | 00:01:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e4 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8C0
0x
B28
0x
B14
0x
B08
0x
B04
0x
B00
0x
AFC
0x
AF8
0x
AF0
0x
AC0
0x
ABC
0x
AB8
0x
AAC
0x
AA8
0x
AA4
0x
AA0
0x
A9C
0x
A98
0x
A88
0x
A28
0x
A24
0x
A20
0x
A18
0x
A14
0x
A0C
0x
A08
0x
A04
0x
A00
0x
9FC
0x
9F8
0x
9F4
0x
9F0
0x
9E8
0x
DD4
0x
1184
0x
11B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000ae80000000 | 0xae80000000 | 0xae80180fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ae80190000 | 0xae80190000 | 0xae8158ffff | Pagefile Backed Memory | r |
|
|
|
- |
| kernelbase.dll.mui | 0xae81590000 | 0xae8166efff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae81670000 | 0xae81670000 | 0xae8176ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0xae81770000 | 0xae81aa6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae81ab0000 | 0xae81ab0000 | 0xae81baffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81bb0000 | 0xae81bb0000 | 0xae81caffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81cb0000 | 0xae81cb0000 | 0xae81daffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81db0000 | 0xae81db0000 | 0xae81eaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81eb0000 | 0xae81eb0000 | 0xae81faffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81fb0000 | 0xae81fb0000 | 0xae820affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae821b0000 | 0xae821b0000 | 0xae821b0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| counters.dat | 0xae821c0000 | 0xae821c0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae821d0000 | 0xae821d0000 | 0xae821d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| resources.pri | 0xae821e0000 | 0xae82200fff | Memory Mapped File | r |
|
|
|
- |
| 2495906576.pri | 0xae82210000 | 0xae82223fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae82230000 | 0xae82230000 | 0xae82230fff | Pagefile Backed Memory | rw |
|
|
|
- |
| app.xbf | 0xae82240000 | 0xae82240fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae82250000 | 0xae82250000 | 0xae82250fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae82260000 | 0xae82260000 | 0xae82260fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82270000 | 0xae82270000 | 0xae82270fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae82280000 | 0xae82280000 | 0xae82280fff | Pagefile Backed Memory | rw |
|
|
|
- |
| dictionary.xbf | 0xae82290000 | 0xae82293fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae822a0000 | 0xae822a0000 | 0xae822a6fff | Private Memory | rw |
|
|
|
- |
| resources.en-us.pri | 0xae822b0000 | 0xae822c5fff | Memory Mapped File | r |
|
|
|
- |
| reactivecat1themeresources.xbf | 0xae822d0000 | 0xae822d4fff | Memory Mapped File | r |
|
|
|
- |
| speechtextinputthemeresources.xbf | 0xae822e0000 | 0xae822e1fff | Memory Mapped File | r |
|
|
|
- |
| cortanawindow.xbf | 0xae822f0000 | 0xae822f0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae82300000 | 0xae82300000 | 0xae823fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82400000 | 0xae82400000 | 0xae824fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82500000 | 0xae82500000 | 0xae825fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82600000 | 0xae82600000 | 0xae82dfffff | Private Memory | - |
|
|
|
- |
| private_0x000000ae82e00000 | 0xae82e00000 | 0xae82efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82f00000 | 0xae82f00000 | 0xae82ffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83000000 | 0xae83000000 | 0xae830fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83100000 | 0xae83100000 | 0xae831fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83200000 | 0xae83200000 | 0xae832fffff | Private Memory | rw |
|
|
|
- |
| shell32.dll.mui | 0xae83400000 | 0xae83460fff | Memory Mapped File | r |
|
|
|
- |
| chrome.xbf | 0xae83470000 | 0xae83477fff | Memory Mapped File | r |
|
|
|
- |
| msxml6r.dll | 0xae834a0000 | 0xae834a0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae834b0000 | 0xae834b0000 | 0xae834b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| homeburgermenucontrol.xbf | 0xae834c0000 | 0xae834c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae834d0000 | 0xae834d0000 | 0xae834d6fff | Private Memory | rw |
|
|
|
- |
| greetingscontrol.xbf | 0xae834e0000 | 0xae834e1fff | Memory Mapped File | r |
|
|
|
- |
| hostedwebviewcontrol.xbf | 0xae834f0000 | 0xae834f0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae83500000 | 0xae83500000 | 0xae835fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae83600000 | 0xae83600000 | 0xae836b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae836c0000 | 0xae836c0000 | 0xae836c6fff | Private Memory | rw |
|
|
|
- |
| speechtextinputcontrol.xbf | 0xae836d0000 | 0xae836d1fff | Memory Mapped File | r |
|
|
|
- |
| searchboxcontrol.xbf | 0xae836e0000 | 0xae836e0fff | Memory Mapped File | r |
|
|
|
- |
| windows.ui.xaml.dll.mui | 0xae836f0000 | 0xae836f9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae83700000 | 0xae83700000 | 0xae837fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83800000 | 0xae83800000 | 0xae838fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83900000 | 0xae83900000 | 0xae839fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83a00000 | 0xae83a00000 | 0xae83afffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0xae83b00000 | 0xae83b75fff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-fontface.dat | 0xae83b80000 | 0xae84b7ffff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0xae84b80000 | 0xae84c5efff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat | 0xae84c60000 | 0xae8545ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae85660000 | 0xae85660000 | 0xae85660fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85670000 | 0xae85670000 | 0xae85670fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85680000 | 0xae85680000 | 0xae85683fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae85690000 | 0xae85690000 | 0xae856affff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae856b0000 | 0xae856b0000 | 0xae856fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85700000 | 0xae85700000 | 0xae857fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85800000 | 0xae85800000 | 0xae858fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85900000 | 0xae85900000 | 0xae85900fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85910000 | 0xae85910000 | 0xae85910fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85920000 | 0xae85920000 | 0xae85920fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae85930000 | 0xae85930000 | 0xae85936fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85940000 | 0xae85940000 | 0xae85940fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae85950000 | 0xae85950000 | 0xae85950fff | Private Memory | rw |
|
|
|
- |
| edgehtml.dll.mui | 0xae85960000 | 0xae859bffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae859c0000 | 0xae859c0000 | 0xae859cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ae859d0000 | 0xae859d0000 | 0xae859dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae859e0000 | 0xae859e0000 | 0xae859fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85a00000 | 0xae85a00000 | 0xae85afffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85b00000 | 0xae85b00000 | 0xae85bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85c00000 | 0xae85c00000 | 0xae85cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85d00000 | 0xae85d00000 | 0xae85dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85e00000 | 0xae85e00000 | 0xae85efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85f00000 | 0xae85f00000 | 0xae85ffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86000000 | 0xae86000000 | 0xae860fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86100000 | 0xae86100000 | 0xae8611ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86120000 | 0xae86120000 | 0xae8616ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86170000 | 0xae86170000 | 0xae8626ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86270000 | 0xae86270000 | 0xae8628ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86290000 | 0xae86290000 | 0xae8638ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86390000 | 0xae86390000 | 0xae863affff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae863b0000 | 0xae863b0000 | 0xae863cffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae863d0000 | 0xae863d0000 | 0xae863effff | Private Memory | rw |
|
|
|
- |
| cortana.internal.search.winmd | 0xae863f0000 | 0xae86400fff | Memory Mapped File | rwx |
|
|
|
- |
| cortana.search.winmd | 0xae86410000 | 0xae86417fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae86420000 | 0xae86420000 | 0xae8643ffff | Private Memory | rw |
|
|
|
- |
| windows.foundation.winmd | 0xae86440000 | 0xae8644efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.winmd | 0xae86450000 | 0xae8646dfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae86470000 | 0xae86470000 | 0xae8656ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86570000 | 0xae86570000 | 0xae8658ffff | Private Memory | rw |
|
|
|
- |
| windows.storage.winmd | 0xae86590000 | 0xae865aafff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae865b0000 | 0xae865b0000 | 0xae865cffff | Private Memory | rw |
|
|
|
- |
| chakra.dll.mui | 0xae865d0000 | 0xae865d9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae865e0000 | 0xae865e0000 | 0xae865fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86620000 | 0xae86620000 | 0xae8663ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86680000 | 0xae86680000 | 0xae8669ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae866a0000 | 0xae866a0000 | 0xae866bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae866c0000 | 0xae866c0000 | 0xae867bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae867e0000 | 0xae867e0000 | 0xae867fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86800000 | 0xae86800000 | 0xae8681ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86820000 | 0xae86820000 | 0xae8683ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86840000 | 0xae86840000 | 0xae8685ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86860000 | 0xae86860000 | 0xae8687ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86880000 | 0xae86880000 | 0xae8689ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae868c0000 | 0xae868c0000 | 0xae868dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae868e0000 | 0xae868e0000 | 0xae868fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86900000 | 0xae86900000 | 0xae869fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86a00000 | 0xae86a00000 | 0xae86afffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86b00000 | 0xae86b00000 | 0xae86bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86c40000 | 0xae86c40000 | 0xae86c5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86c60000 | 0xae86c60000 | 0xae86c7ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000ae86c80000 | 0xae86c80000 | 0xae86c9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86ca0000 | 0xae86ca0000 | 0xae86cbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86cc0000 | 0xae86cc0000 | 0xae86cdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86ce0000 | 0xae86ce0000 | 0xae86cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d20000 | 0xae86d20000 | 0xae86d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d40000 | 0xae86d40000 | 0xae86d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d60000 | 0xae86d60000 | 0xae86d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d80000 | 0xae86d80000 | 0xae86d9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86da0000 | 0xae86da0000 | 0xae86dbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86dc0000 | 0xae86dc0000 | 0xae86ddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86de0000 | 0xae86de0000 | 0xae86dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e00000 | 0xae86e00000 | 0xae86e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e20000 | 0xae86e20000 | 0xae86e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e40000 | 0xae86e40000 | 0xae86f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f40000 | 0xae86f40000 | 0xae86f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f60000 | 0xae86f60000 | 0xae86f7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f80000 | 0xae86f80000 | 0xae86f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fa0000 | 0xae86fa0000 | 0xae86fbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fc0000 | 0xae86fc0000 | 0xae86fdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fe0000 | 0xae86fe0000 | 0xae86ffffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000ae87000000 | 0xae87000000 | 0xae870fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87100000 | 0xae87100000 | 0xae871fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87200000 | 0xae87200000 | 0xae872fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87300000 | 0xae87300000 | 0xae8731ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae873c0000 | 0xae873c0000 | 0xae874bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae874c0000 | 0xae874c0000 | 0xae874dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae874e0000 | 0xae874e0000 | 0xae874fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87600000 | 0xae87600000 | 0xae8761ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87620000 | 0xae87620000 | 0xae8763ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87640000 | 0xae87640000 | 0xae8765ffff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 248 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Threads
Thread 0xdd4
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #17: backgroundtaskhost.exe
86
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\backgroundtaskhost.exe |
| Command Line | "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:01:14, Reason: Injection |
| Unmonitor | End Time: 00:02:33, Reason: Crashed |
| Monitor Duration | 00:01:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8a4 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CAC
0x
C90
0x
C8C
0x
A40
0x
2CC
0x
52C
0x
A94
0x
40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000d829930000 | 0xd829930000 | 0xd82993ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000d829940000 | 0xd829940000 | 0xd829940fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d829950000 | 0xd829950000 | 0xd829963fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d829970000 | 0xd829970000 | 0xd8299effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d8299f0000 | 0xd8299f0000 | 0xd8299f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d829a00000 | 0xd829a00000 | 0xd829a01fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829a10000 | 0xd829a10000 | 0xd829a10fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xd829a20000 | 0xd829addfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d829ae0000 | 0xd829ae0000 | 0xd829ae0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829af0000 | 0xd829af0000 | 0xd829af6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829b00000 | 0xd829b00000 | 0xd829bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829c00000 | 0xd829c00000 | 0xd829c7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d829c80000 | 0xd829c80000 | 0xd829ca9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000d829cb0000 | 0xd829cb0000 | 0xd829d2ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829d30000 | 0xd829d30000 | 0xd829daffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d829db0000 | 0xd829db0000 | 0xd829db1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000d829de0000 | 0xd829de0000 | 0xd829de6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d829e00000 | 0xd829e00000 | 0xd829efffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d829f00000 | 0xd829f00000 | 0xd82a087fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d82a090000 | 0xd82a090000 | 0xd82a210fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d82a220000 | 0xd82a220000 | 0xd82b61ffff | Pagefile Backed Memory | r |
|
|
|
- |
| kernelbase.dll.mui | 0xd82b620000 | 0xd82b6fefff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0xd82b700000 | 0xd82ba36fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d82ba40000 | 0xd82ba40000 | 0xd82babffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d82bac0000 | 0xd82bac0000 | 0xd82bbbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d82bbc0000 | 0xd82bbc0000 | 0xd82bc3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d82bc40000 | 0xd82bc40000 | 0xd82bcbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa20000 | 0x7df5ffa20000 | 0x7ff5ffa1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff7503c0000 | 0x7ff7503c0000 | 0x7ff750756fff | Private Memory | rwx |
|
|
|
- |
| private_0x00007ff7e0aae000 | 0x7ff7e0aae000 | 0x7ff7e0aaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff7e0ab0000 | 0x7ff7e0ab0000 | 0x7ff7e0baffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7e0bb0000 | 0x7ff7e0bb0000 | 0x7ff7e0bd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7e0bd3000 | 0x7ff7e0bd3000 | 0x7ff7e0bd4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bd5000 | 0x7ff7e0bd5000 | 0x7ff7e0bd6fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bd7000 | 0x7ff7e0bd7000 | 0x7ff7e0bd8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bd9000 | 0x7ff7e0bd9000 | 0x7ff7e0bdafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bdb000 | 0x7ff7e0bdb000 | 0x7ff7e0bdcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bdd000 | 0x7ff7e0bdd000 | 0x7ff7e0bdefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0bdf000 | 0x7ff7e0bdf000 | 0x7ff7e0bdffff | Private Memory | rw |
|
|
|
- |
| backgroundtaskhost.exe | 0x7ff7e11b0000 | 0x7ff7e11b6fff | Memory Mapped File | rwx |
|
|
|
- |
| contentdeliverymanager.background.dll | 0x7ffc3ff90000 | 0x7ffc40203fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.applicationmodel.background.timebroker.dll | 0x7ffc424a0000 | 0x7ffc424abfff | Memory Mapped File | rwx |
|
|
|
- |
| biwinrt.dll | 0x7ffc44140000 | 0x7ffc44172fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.applicationdata.dll | 0x7ffc45050000 | 0x7ffc450a2fff | Memory Mapped File | rwx |
|
|
|
- |
| veeventdispatcher.dll | 0x7ffc46bb0000 | 0x7ffc46bf8fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.globalization.dll | 0x7ffc4d520000 | 0x7ffc4d6a5fff | Memory Mapped File | rwx |
|
|
|
- |
| mrmcorer.dll | 0x7ffc4f1f0000 | 0x7ffc4f2fefff | Memory Mapped File | rwx |
|
|
|
- |
| wincorlib.dll | 0x7ffc4f300000 | 0x7ffc4f369fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp110_win.dll | 0x7ffc4f8f0000 | 0x7ffc4f981fff | Memory Mapped File | rwx |
|
|
|
- |
| policymanager.dll | 0x7ffc4f990000 | 0x7ffc4f9c8fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| bcp47langs.dll | 0x7ffc52660000 | 0x7ffc526c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sppc.dll | 0x7ffc52bd0000 | 0x7ffc52bf4fff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x7ffc52c00000 | 0x7ffc52c25fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Threads
Thread 0xa94
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #18: sihost.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:14, Reason: Child Process |
| Unmonitor | End Time: 00:01:18, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdb4 |
| Parent PID | 0x704 (c:\windows\system32\sihost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs | - |
Process #19: net.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:19, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe28 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E20
0x
A10
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000004912b00000 | 0x4912b00000 | 0x4912b1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004912b20000 | 0x4912b20000 | 0x4912b33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004912b40000 | 0x4912b40000 | 0x4912bbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004912bc0000 | 0x4912bc0000 | 0x4912bc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004912bd0000 | 0x4912bd0000 | 0x4912bd0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004912be0000 | 0x4912be0000 | 0x4912be1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000004912d90000 | 0x4912d90000 | 0x4912e8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe90000 | 0x7df5ffe90000 | 0x7ff5ffe8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca750000 | 0x7ff7ca750000 | 0x7ff7ca772fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca778000 | 0x7ff7ca778000 | 0x7ff7ca778fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca77e000 | 0x7ff7ca77e000 | 0x7ff7ca77ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #21: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:19, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x90c |
| Parent PID | 0xe28 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AEC
0x
510
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005f14880000 | 0x5f14880000 | 0x5f1489ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005f14880000 | 0x5f14880000 | 0x5f1488ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000005f14890000 | 0x5f14890000 | 0x5f14896fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005f148a0000 | 0x5f148a0000 | 0x5f148b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005f148c0000 | 0x5f148c0000 | 0x5f1493ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005f14940000 | 0x5f14940000 | 0x5f14943fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005f14950000 | 0x5f14950000 | 0x5f14950fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005f14960000 | 0x5f14960000 | 0x5f14961fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5f14970000 | 0x5f14a2dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005f14a30000 | 0x5f14a30000 | 0x5f14a36fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x5f14a40000 | 0x5f14a42fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000005f14a60000 | 0x5f14a60000 | 0x5f14b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005f14b60000 | 0x5f14b60000 | 0x5f14bdffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x5f14be0000 | 0x5f14c11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005f14d90000 | 0x5f14d90000 | 0x5f14d9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff6e0000 | 0x7df5ff6e0000 | 0x7ff5ff6dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648810000 | 0x7ff648810000 | 0x7ff64890ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648910000 | 0x7ff648910000 | 0x7ff648932fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64893a000 | 0x7ff64893a000 | 0x7ff64893bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64893c000 | 0x7ff64893c000 | 0x7ff64893cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64893e000 | 0x7ff64893e000 | 0x7ff64893ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50dd0000 | 0x7ffc50de3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xaec
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x5f14a40000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #22: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 1916 -s 1152 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:04:44, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:21 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6d0 |
| Parent PID | 0x77c (c:\windows\system32\taskhostw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A80
0x
DFC
0x
754
0x
DF8
0x
E18
0x
2F0
0x
8A8
0x
6B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c3d2c20000 | 0xc3d2c20000 | 0xc3d2c3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d2c20000 | 0xc3d2c20000 | 0xc3d2c2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c3d2c30000 | 0xc3d2c30000 | 0xc3d2c36fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d2c40000 | 0xc3d2c40000 | 0xc3d2c53fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c3d2c60000 | 0xc3d2c60000 | 0xc3d2cdffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d2ce0000 | 0xc3d2ce0000 | 0xc3d2ce3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d2cf0000 | 0xc3d2cf0000 | 0xc3d2cf2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c3d2d00000 | 0xc3d2d00000 | 0xc3d2d01fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc3d2d10000 | 0xc3d2dcdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c3d2dd0000 | 0xc3d2dd0000 | 0xc3d2e4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d2e50000 | 0xc3d2e50000 | 0xc3d2e56fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0xc3d2e60000 | 0xc3d2e63fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c3d2e70000 | 0xc3d2e70000 | 0xc3d2e70fff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d2e80000 | 0xc3d2e80000 | 0xc3d2e80fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d2e90000 | 0xc3d2e90000 | 0xc3d2e90fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c3d2ea0000 | 0xc3d2ea0000 | 0xc3d2eaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d2eb0000 | 0xc3d2eb0000 | 0xc3d2faffff | Private Memory | rw |
|
|
|
- |
| faultrep.dll.mui | 0xc3d2fb0000 | 0xc3d2fb1fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0xc3d2fc0000 | 0xc3d2fc2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c3d2fd0000 | 0xc3d2fd0000 | 0xc3d2fd6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d2fe0000 | 0xc3d2fe0000 | 0xc3d2fe1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c3d2ff0000 | 0xc3d2ff0000 | 0xc3d2ffffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d3000000 | 0xc3d3000000 | 0xc3d3187fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d3190000 | 0xc3d3190000 | 0xc3d3310fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d3320000 | 0xc3d3320000 | 0xc3d471ffff | Pagefile Backed Memory | r |
|
|
|
- |
| ntdll.dll.mui | 0xc3d4720000 | 0xc3d4785fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000c3d4790000 | 0xc3d4790000 | 0xc3d4791fff | Pagefile Backed Memory | r |
|
|
|
- |
| werui.dll.mui | 0xc3d47a0000 | 0xc3d47a4fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000c3d47b0000 | 0xc3d47b0000 | 0xc3d47b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c3d47c0000 | 0xc3d47c0000 | 0xc3d47cffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0xc3d47d0000 | 0xc3d4b06fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000c3d4b10000 | 0xc3d4b10000 | 0xc3d4b10fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d4b20000 | 0xc3d4b20000 | 0xc3d4b21fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d4b30000 | 0xc3d4b30000 | 0xc3d4b33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c3d4b40000 | 0xc3d4b40000 | 0xc3d4b46fff | Private Memory | rw |
|
|
|
- |
| duser.dll.mui | 0xc3d4b50000 | 0xc3d4b50fff | Memory Mapped File | r |
|
|
|
- |
| comctl32.dll.mui | 0xc3d4b60000 | 0xc3d4b62fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000c3d4b70000 | 0xc3d4b70000 | 0xc3d4b70fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c3d4b80000 | 0xc3d4b80000 | 0xc3d4b82fff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d4b90000 | 0xc3d4b90000 | 0xc3d4c8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d4c90000 | 0xc3d4c90000 | 0xc3d4d8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d4d90000 | 0xc3d4d90000 | 0xc3d4e8ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0xc3d4e90000 | 0xc3d4f6efff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c3d4f70000 | 0xc3d4f70000 | 0xc3d506ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d5070000 | 0xc3d5070000 | 0xc3d50effff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d50f0000 | 0xc3d50f0000 | 0xc3d516ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d5170000 | 0xc3d5170000 | 0xc3d51effff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d51f0000 | 0xc3d51f0000 | 0xc3d526ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c3d5270000 | 0xc3d5270000 | 0xc3d52effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c3d52f0000 | 0xc3d52f0000 | 0xc3d53a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c3d53b0000 | 0xc3d53b0000 | 0xc3d58a1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| staticcache.dat | 0xc3d58b0000 | 0xc3d68effff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000c3d68f0000 | 0xc3d68f0000 | 0xc3d6938fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c3d6940000 | 0xc3d6940000 | 0xc3d6940fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffb20000 | 0x7df5ffb20000 | 0x7ff5ffb1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff7397be000 | 0x7ff7397be000 | 0x7ff7397bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff7397c0000 | 0x7ff7397c0000 | 0x7ff7398bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7398c0000 | 0x7ff7398c0000 | 0x7ff7398e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7398e3000 | 0x7ff7398e3000 | 0x7ff7398e4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398e5000 | 0x7ff7398e5000 | 0x7ff7398e5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398e6000 | 0x7ff7398e6000 | 0x7ff7398e7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398e8000 | 0x7ff7398e8000 | 0x7ff7398e9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398ea000 | 0x7ff7398ea000 | 0x7ff7398ebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398ec000 | 0x7ff7398ec000 | 0x7ff7398edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7398ee000 | 0x7ff7398ee000 | 0x7ff7398effff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff739e30000 | 0x7ff739e7afff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e090000 | 0x7ffc3e56bfff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3e820000 | 0x7ffc3e9cffff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3fb50000 | 0x7ffc3fbedfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3fe00000 | 0x7ffc3ff89fff | Memory Mapped File | rwx |
|
|
|
- |
| atlthunk.dll | 0x7ffc41be0000 | 0x7ffc41beffff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7ffc48e30000 | 0x7ffc48ecafff | Memory Mapped File | rwx |
|
|
|
- |
| msls31.dll | 0x7ffc48f30000 | 0x7ffc48f67fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc48f50000 | 0x7ffc48fe0fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc48f70000 | 0x7ffc48fe3fff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7ffc4d170000 | 0x7ffc4d187fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc4d190000 | 0x7ffc4d1b4fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d1c0000 | 0x7ffc4d21dfff | Memory Mapped File | rwx |
|
|
|
- |
| duser.dll | 0x7ffc4f3a0000 | 0x7ffc4f438fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x7ffc525f0000 | 0x7ffc52611fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #23: backgroundtaskhost.exe
86
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\backgroundtaskhost.exe |
| Command Line | "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:01:26, Reason: Injection |
| Unmonitor | End Time: 00:02:32, Reason: Crashed |
| Monitor Duration | 00:01:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xca4 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CF4
0x
CF0
0x
CDC
0x
CD8
0x
CA8
0x
8C4
0x
DB0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000319ae00000 | 0x319ae00000 | 0x319ae0ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000319ae10000 | 0x319ae10000 | 0x319ae10fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000319ae20000 | 0x319ae20000 | 0x319ae33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000319ae40000 | 0x319ae40000 | 0x319aebffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000319aec0000 | 0x319aec0000 | 0x319aec3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000319aed0000 | 0x319aed0000 | 0x319aed1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000319aee0000 | 0x319aee0000 | 0x319aee0fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x319aef0000 | 0x319afadfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000319afb0000 | 0x319afb0000 | 0x319b02ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319b030000 | 0x319b030000 | 0x319b030fff | Private Memory | rw |
|
|
|
- |
| private_0x000000319b040000 | 0x319b040000 | 0x319b046fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000319b050000 | 0x319b050000 | 0x319b079fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000319b0d0000 | 0x319b0d0000 | 0x319b0d6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000319b100000 | 0x319b100000 | 0x319b1fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319b200000 | 0x319b200000 | 0x319b2fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319b300000 | 0x319b300000 | 0x319b37ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000319b380000 | 0x319b380000 | 0x319b507fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000319b510000 | 0x319b510000 | 0x319b690fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000319b6a0000 | 0x319b6a0000 | 0x319ca9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| kernelbase.dll.mui | 0x319caa0000 | 0x319cb7efff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0x319cb80000 | 0x319ceb6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000319cec0000 | 0x319cec0000 | 0x319cf3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319cf40000 | 0x319cf40000 | 0x319cfbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319cfc0000 | 0x319cfc0000 | 0x319d0bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000319d0c0000 | 0x319d0c0000 | 0x319d13ffff | Private Memory | rw |
|
|
|
- |
| oleaut32.dll | 0x319d140000 | 0x319d1fcfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff840000 | 0x7df5ff840000 | 0x7ff5ff83ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff7503c0000 | 0x7ff7503c0000 | 0x7ff750756fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x00007ff7e0e40000 | 0x7ff7e0e40000 | 0x7ff7e0f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7e0f40000 | 0x7ff7e0f40000 | 0x7ff7e0f62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7e0f63000 | 0x7ff7e0f63000 | 0x7ff7e0f64fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f65000 | 0x7ff7e0f65000 | 0x7ff7e0f65fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f66000 | 0x7ff7e0f66000 | 0x7ff7e0f67fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f68000 | 0x7ff7e0f68000 | 0x7ff7e0f69fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f6a000 | 0x7ff7e0f6a000 | 0x7ff7e0f6bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f6c000 | 0x7ff7e0f6c000 | 0x7ff7e0f6dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7e0f6e000 | 0x7ff7e0f6e000 | 0x7ff7e0f6ffff | Private Memory | rw |
|
|
|
- |
| backgroundtaskhost.exe | 0x7ff7e11b0000 | 0x7ff7e11b6fff | Memory Mapped File | rwx |
|
|
|
- |
| mrmcorer.dll | 0x7ffc4f1f0000 | 0x7ffc4f2fefff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c0000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\ciihmnxmn6ps\desktop\zotci.exe | 0xf0c | address = 0x7ff7503c2870 |
|
1 |
Threads
Thread 0x8c4
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #24: net.exe
0
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xefc |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE8
0x
E08
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e5818f0000 | 0xe5818f0000 | 0xe58190ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e581910000 | 0xe581910000 | 0xe581923fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e581930000 | 0xe581930000 | 0xe5819affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e5819b0000 | 0xe5819b0000 | 0xe5819b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e5819c0000 | 0xe5819c0000 | 0xe5819c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e5819d0000 | 0xe5819d0000 | 0xe5819d1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e581a20000 | 0xe581a20000 | 0xe581b1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff020000 | 0x7df5ff020000 | 0x7ff5ff01ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7caa60000 | 0x7ff7caa60000 | 0x7ff7caa82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7caa85000 | 0x7ff7caa85000 | 0x7ff7caa85fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7caa8e000 | 0x7ff7caa8e000 | 0x7ff7caa8ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #26: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:31, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdec |
| Parent PID | 0xefc (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE4
0x
EE8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007bb1c50000 | 0x7bb1c50000 | 0x7bb1c6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007bb1c50000 | 0x7bb1c50000 | 0x7bb1c5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000007bb1c60000 | 0x7bb1c60000 | 0x7bb1c66fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007bb1c70000 | 0x7bb1c70000 | 0x7bb1c83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007bb1c90000 | 0x7bb1c90000 | 0x7bb1d0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007bb1d10000 | 0x7bb1d10000 | 0x7bb1d13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007bb1d20000 | 0x7bb1d20000 | 0x7bb1d20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007bb1d30000 | 0x7bb1d30000 | 0x7bb1d31fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7bb1d40000 | 0x7bb1dfdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007bb1e00000 | 0x7bb1e00000 | 0x7bb1e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000007bb1e80000 | 0x7bb1e80000 | 0x7bb1e86fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x7bb1e90000 | 0x7bb1e92fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x7bb1ea0000 | 0x7bb1ed1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007bb1ef0000 | 0x7bb1ef0000 | 0x7bb1feffff | Private Memory | rw |
|
|
|
- |
| private_0x0000007bb20b0000 | 0x7bb20b0000 | 0x7bb20bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa30000 | 0x7df5ffa30000 | 0x7ff5ffa2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6487d0000 | 0x7ff6487d0000 | 0x7ff6488cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6488d0000 | 0x7ff6488d0000 | 0x7ff6488f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6488fb000 | 0x7ff6488fb000 | 0x7ff6488fcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6488fd000 | 0x7ff6488fd000 | 0x7ff6488fefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6488ff000 | 0x7ff6488ff000 | 0x7ff6488fffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xde4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x7bb1e90000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #27: net.exe
0
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:33, Reason: Child Process |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xec8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
ECC
0x
E78
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000002fb3f30000 | 0x2fb3f30000 | 0x2fb3f4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002fb3f50000 | 0x2fb3f50000 | 0x2fb3f63fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002fb3f70000 | 0x2fb3f70000 | 0x2fb3feffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002fb3ff0000 | 0x2fb3ff0000 | 0x2fb3ff3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000002fb4000000 | 0x2fb4000000 | 0x2fb4000fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002fb4010000 | 0x2fb4010000 | 0x2fb4011fff | Private Memory | rw |
|
|
|
- |
| private_0x0000002fb40e0000 | 0x2fb40e0000 | 0x2fb41dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe90000 | 0x7df5ffe90000 | 0x7ff5ffe8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca1e0000 | 0x7ff7ca1e0000 | 0x7ff7ca202fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca20b000 | 0x7ff7ca20b000 | 0x7ff7ca20bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca20e000 | 0x7ff7ca20e000 | 0x7ff7ca20ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #29: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:34, Reason: Child Process |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe7c |
| Parent PID | 0xec8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E80
0x
E84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006922690000 | 0x6922690000 | 0x69226affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006922690000 | 0x6922690000 | 0x692269ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000069226a0000 | 0x69226a0000 | 0x69226a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000069226b0000 | 0x69226b0000 | 0x69226c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000069226d0000 | 0x69226d0000 | 0x692274ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006922750000 | 0x6922750000 | 0x6922753fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006922760000 | 0x6922760000 | 0x6922760fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006922770000 | 0x6922770000 | 0x6922771fff | Private Memory | rw |
|
|
|
- |
| private_0x0000006922780000 | 0x6922780000 | 0x6922786fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x6922790000 | 0x6922792fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000069227c0000 | 0x69227c0000 | 0x69228bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x69228c0000 | 0x692297dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006922980000 | 0x6922980000 | 0x69229fffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x6922a00000 | 0x6922a31fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006922ab0000 | 0x6922ab0000 | 0x6922abffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff6e0000 | 0x7df5ff6e0000 | 0x7ff5ff6dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648a40000 | 0x7ff648a40000 | 0x7ff648b3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648b40000 | 0x7ff648b40000 | 0x7ff648b62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648b6a000 | 0x7ff648b6a000 | 0x7ff648b6bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648b6c000 | 0x7ff648b6c000 | 0x7ff648b6cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648b6e000 | 0x7ff648b6e000 | 0x7ff648b6ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xe80
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x6922790000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #30: net.exe
0
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:46, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf4c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F8C
0x
CBC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c717270000 | 0xc717270000 | 0xc71728ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c717270000 | 0xc717270000 | 0xc71727ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c717280000 | 0xc717280000 | 0xc717286fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c717290000 | 0xc717290000 | 0xc7172a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c7172b0000 | 0xc7172b0000 | 0xc71732ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c717330000 | 0xc717330000 | 0xc717333fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c717340000 | 0xc717340000 | 0xc717340fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c717350000 | 0xc717350000 | 0xc717351fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc717360000 | 0xc71741dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c717420000 | 0xc717420000 | 0xc71749ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c7174a0000 | 0xc7174a0000 | 0xc7174a6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000c7174c0000 | 0xc7174c0000 | 0xc7175bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c7176d0000 | 0xc7176d0000 | 0xc7176dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff690000 | 0x7df5ff690000 | 0x7ff5ff68ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca0b0000 | 0x7ff7ca0b0000 | 0x7ff7ca1affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca1b0000 | 0x7ff7ca1b0000 | 0x7ff7ca1d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca1da000 | 0x7ff7ca1da000 | 0x7ff7ca1dafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca1dc000 | 0x7ff7ca1dc000 | 0x7ff7ca1ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca1de000 | 0x7ff7ca1de000 | 0x7ff7ca1dffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #32: net.exe
0
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:46, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd54 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F7C
0x
56C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b2a56c0000 | 0xb2a56c0000 | 0xb2a56dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b2a56c0000 | 0xb2a56c0000 | 0xb2a56cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000b2a56e0000 | 0xb2a56e0000 | 0xb2a56f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b2a5700000 | 0xb2a5700000 | 0xb2a577ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b2a5780000 | 0xb2a5780000 | 0xb2a5783fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b2a5790000 | 0xb2a5790000 | 0xb2a5790fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b2a57a0000 | 0xb2a57a0000 | 0xb2a57a1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb2a57b0000 | 0xb2a586dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b2a5890000 | 0xb2a5890000 | 0xb2a598ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffbb0000 | 0x7df5ffbb0000 | 0x7ff5ffbaffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca730000 | 0x7ff7ca730000 | 0x7ff7ca82ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca830000 | 0x7ff7ca830000 | 0x7ff7ca852fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca855000 | 0x7ff7ca855000 | 0x7ff7ca855fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca85e000 | 0x7ff7ca85e000 | 0x7ff7ca85ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #34: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc28 |
| Parent PID | 0xf4c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CD4
0x
AE8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007108050000 | 0x7108050000 | 0x710806ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007108050000 | 0x7108050000 | 0x710805ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000007108060000 | 0x7108060000 | 0x7108066fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007108070000 | 0x7108070000 | 0x7108083fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007108090000 | 0x7108090000 | 0x710810ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007108110000 | 0x7108110000 | 0x7108113fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007108120000 | 0x7108120000 | 0x7108120fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007108130000 | 0x7108130000 | 0x7108131fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007108140000 | 0x7108140000 | 0x71081bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000071081c0000 | 0x71081c0000 | 0x71081c6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x71081d0000 | 0x71081d2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000071081f0000 | 0x71081f0000 | 0x71082effff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x71082f0000 | 0x71083adfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0x71083b0000 | 0x71083e1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000071084a0000 | 0x71084a0000 | 0x71084affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2d0000 | 0x7df5ff2d0000 | 0x7ff5ff2cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6485b0000 | 0x7ff6485b0000 | 0x7ff6486affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6486b0000 | 0x7ff6486b0000 | 0x7ff6486d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6486d3000 | 0x7ff6486d3000 | 0x7ff6486d3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6486dc000 | 0x7ff6486dc000 | 0x7ff6486ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6486de000 | 0x7ff6486de000 | 0x7ff6486dffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xcd4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x71081d0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #35: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7c4 |
| Parent PID | 0xd54 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A58
0x
DB4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008d84670000 | 0x8d84670000 | 0x8d8468ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008d84670000 | 0x8d84670000 | 0x8d8467ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000008d84680000 | 0x8d84680000 | 0x8d84686fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008d84690000 | 0x8d84690000 | 0x8d846a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008d846b0000 | 0x8d846b0000 | 0x8d8472ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008d84730000 | 0x8d84730000 | 0x8d84733fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008d84740000 | 0x8d84740000 | 0x8d84740fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008d84750000 | 0x8d84750000 | 0x8d84751fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x8d84760000 | 0x8d8481dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008d84820000 | 0x8d84820000 | 0x8d8489ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008d848a0000 | 0x8d848a0000 | 0x8d848a6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x8d848b0000 | 0x8d848b2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000008d848d0000 | 0x8d848d0000 | 0x8d849cffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x8d849d0000 | 0x8d84a01fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008d84a30000 | 0x8d84a30000 | 0x8d84a3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2b0000 | 0x7df5ff2b0000 | 0x7ff5ff2affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6485a0000 | 0x7ff6485a0000 | 0x7ff64869ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6486a0000 | 0x7ff6486a0000 | 0x7ff6486c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6486ca000 | 0x7ff6486ca000 | 0x7ff6486cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6486cc000 | 0x7ff6486cc000 | 0x7ff6486ccfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6486ce000 | 0x7ff6486ce000 | 0x7ff6486cffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xa58
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x8d848b0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #36: net.exe
0
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10a4 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10A8
0x
10C0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b857e80000 | 0xb857e80000 | 0xb857e9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b857e80000 | 0xb857e80000 | 0xb857e8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b857e90000 | 0xb857e90000 | 0xb857e96fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b857ea0000 | 0xb857ea0000 | 0xb857eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b857ec0000 | 0xb857ec0000 | 0xb857f3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b857f40000 | 0xb857f40000 | 0xb857f43fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b857f50000 | 0xb857f50000 | 0xb857f50fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b857f60000 | 0xb857f60000 | 0xb857f61fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb857f70000 | 0xb85802dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b858030000 | 0xb858030000 | 0xb85812ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b858130000 | 0xb858130000 | 0xb8581affff | Private Memory | rw |
|
|
|
- |
| private_0x000000b8581b0000 | 0xb8581b0000 | 0xb8581b6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000b858240000 | 0xb858240000 | 0xb85824ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff890000 | 0x7df5ff890000 | 0x7ff5ff88ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9be0000 | 0x7ff7c9be0000 | 0x7ff7c9cdffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9ce0000 | 0x7ff7c9ce0000 | 0x7ff7c9d02fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9d0b000 | 0x7ff7c9d0b000 | 0x7ff7c9d0bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9d0c000 | 0x7ff7c9d0c000 | 0x7ff7c9d0dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9d0e000 | 0x7ff7c9d0e000 | 0x7ff7c9d0ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #38: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10c4 |
| Parent PID | 0x10a4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10C8
0x
10CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000003b22720000 | 0x3b22720000 | 0x3b2273ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003b22720000 | 0x3b22720000 | 0x3b2272ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000003b22730000 | 0x3b22730000 | 0x3b22736fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003b22740000 | 0x3b22740000 | 0x3b22753fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003b22760000 | 0x3b22760000 | 0x3b227dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003b227e0000 | 0x3b227e0000 | 0x3b227e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003b227f0000 | 0x3b227f0000 | 0x3b227f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003b22800000 | 0x3b22800000 | 0x3b22801fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x3b22810000 | 0x3b228cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003b228d0000 | 0x3b228d0000 | 0x3b2294ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003b22950000 | 0x3b22950000 | 0x3b22956fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x3b22960000 | 0x3b22962fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x3b22970000 | 0x3b229a1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003b229b0000 | 0x3b229b0000 | 0x3b22aaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003b22ca0000 | 0x3b22ca0000 | 0x3b22caffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffd40000 | 0x7df5ffd40000 | 0x7ff5ffd3ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648b10000 | 0x7ff648b10000 | 0x7ff648c0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648c10000 | 0x7ff648c10000 | 0x7ff648c32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648c3b000 | 0x7ff648c3b000 | 0x7ff648c3cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c3d000 | 0x7ff648c3d000 | 0x7ff648c3efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c3f000 | 0x7ff648c3f000 | 0x7ff648c3ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x10c8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x3b22960000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #39: net.exe
0
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10dc |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
10E0
0x
116C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ff8f7f0000 | 0xff8f7f0000 | 0xff8f80ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ff8f7f0000 | 0xff8f7f0000 | 0xff8f7fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000ff8f810000 | 0xff8f810000 | 0xff8f823fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ff8f830000 | 0xff8f830000 | 0xff8f8affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ff8f8b0000 | 0xff8f8b0000 | 0xff8f8b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ff8f8c0000 | 0xff8f8c0000 | 0xff8f8c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ff8f8d0000 | 0xff8f8d0000 | 0xff8f8d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xff8f8e0000 | 0xff8f99dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ff8fa60000 | 0xff8fa60000 | 0xff8fb5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa10000 | 0x7df5ffa10000 | 0x7ff5ffa0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9e40000 | 0x7ff7c9e40000 | 0x7ff7c9f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9f40000 | 0x7ff7c9f40000 | 0x7ff7c9f62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9f69000 | 0x7ff7c9f69000 | 0x7ff7c9f69fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9f6e000 | 0x7ff7c9f6e000 | 0x7ff7c9f6ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #41: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1170 |
| Parent PID | 0x10dc (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1174
0x
1178
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000062817c0000 | 0x62817c0000 | 0x62817dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000062817c0000 | 0x62817c0000 | 0x62817cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000062817d0000 | 0x62817d0000 | 0x62817d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000062817e0000 | 0x62817e0000 | 0x62817f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006281800000 | 0x6281800000 | 0x628187ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006281880000 | 0x6281880000 | 0x6281883fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006281890000 | 0x6281890000 | 0x6281890fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000062818a0000 | 0x62818a0000 | 0x62818a1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000062818b0000 | 0x62818b0000 | 0x62818b6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x62818c0000 | 0x62818c2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000062818e0000 | 0x62818e0000 | 0x62819dffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x62819e0000 | 0x6281a9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006281aa0000 | 0x6281aa0000 | 0x6281b1ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x6281b20000 | 0x6281b51fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006281ba0000 | 0x6281ba0000 | 0x6281baffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff980000 | 0x7df5ff980000 | 0x7ff5ff97ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648100000 | 0x7ff648100000 | 0x7ff6481fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648200000 | 0x7ff648200000 | 0x7ff648222fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648227000 | 0x7ff648227000 | 0x7ff648227fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64822c000 | 0x7ff64822c000 | 0x7ff64822dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64822e000 | 0x7ff64822e000 | 0x7ff64822ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1174
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x62818c0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #42: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 3236 -s 624 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:33 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x118c |
| Parent PID | 0xca4 (c:\windows\system32\backgroundtaskhost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1190
0x
119C
0x
1234
0x
1238
0x
123C
0x
1240
0x
858
0x
1C6C
0x
1E48
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000007859e0000 | 0x7859e0000 | 0x7859fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000007859e0000 | 0x7859e0000 | 0x7859effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000007859f0000 | 0x7859f0000 | 0x7859f6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000785a00000 | 0x785a00000 | 0x785a13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000785a20000 | 0x785a20000 | 0x785a9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000785aa0000 | 0x785aa0000 | 0x785aa3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000785ab0000 | 0x785ab0000 | 0x785ab2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000785ac0000 | 0x785ac0000 | 0x785ac1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x785ad0000 | 0x785b8dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000785b90000 | 0x785b90000 | 0x785c0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000785c10000 | 0x785c10000 | 0x785d0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000785d10000 | 0x785d10000 | 0x785d16fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x785d20000 | 0x785d23fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000785d30000 | 0x785d30000 | 0x785d30fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000785d40000 | 0x785d40000 | 0x785d40fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000785d50000 | 0x785d50000 | 0x785d50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000785d60000 | 0x785d60000 | 0x785d60fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000785d70000 | 0x785d70000 | 0x785d70fff | Pagefile Backed Memory | r |
|
|
|
- |
| ntdll.dll.mui | 0x785d80000 | 0x785de5fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000785df0000 | 0x785df0000 | 0x785dfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000785e00000 | 0x785e00000 | 0x785f87fff | Pagefile Backed Memory | r |
|
|
|
- |
| faultrep.dll.mui | 0x785f90000 | 0x785f91fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0x785fa0000 | 0x785fa2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000785fb0000 | 0x785fb0000 | 0x785fb6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000785fc0000 | 0x785fc0000 | 0x785fcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000785fd0000 | 0x785fd0000 | 0x786150fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000786160000 | 0x786160000 | 0x78755ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000787560000 | 0x787560000 | 0x7875dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000007875e0000 | 0x7875e0000 | 0x78765ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000787660000 | 0x787660000 | 0x787661fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000787670000 | 0x787670000 | 0x787671fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000787680000 | 0x787680000 | 0x787680fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000787690000 | 0x787690000 | 0x787691fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000007876a0000 | 0x7876a0000 | 0x7876c9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000007876d0000 | 0x7876d0000 | 0x7876dffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x7876e0000 | 0x787a16fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000787a20000 | 0x787a20000 | 0x787a9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000787aa0000 | 0x787aa0000 | 0x787b1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000787b20000 | 0x787b20000 | 0x787c1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000787c20000 | 0x787c20000 | 0x787d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000787d20000 | 0x787d20000 | 0x787e1ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x787e20000 | 0x787efefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000787f00000 | 0x787f00000 | 0x787ffffff | Private Memory | rw |
|
|
|
- |
| winnlsres.dll | 0x788000000 | 0x788004fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll.mui | 0x788010000 | 0x78801ffff | Memory Mapped File | r |
|
|
|
- |
| mswsock.dll.mui | 0x788020000 | 0x788022fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000788030000 | 0x788030000 | 0x788031fff | Pagefile Backed Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x788040000 | 0x788049fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000788050000 | 0x788050000 | 0x7880cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000007880d0000 | 0x7880d0000 | 0x7882cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffc60000 | 0x7df5ffc60000 | 0x7ff5ffc5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff738fbc000 | 0x7ff738fbc000 | 0x7ff738fbdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff738fbe000 | 0x7ff738fbe000 | 0x7ff738fbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff738fc0000 | 0x7ff738fc0000 | 0x7ff7390bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7390c0000 | 0x7ff7390c0000 | 0x7ff7390e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7390e4000 | 0x7ff7390e4000 | 0x7ff7390e5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7390e6000 | 0x7ff7390e6000 | 0x7ff7390e7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7390e8000 | 0x7ff7390e8000 | 0x7ff7390e8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7390ea000 | 0x7ff7390ea000 | 0x7ff7390ebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7390ec000 | 0x7ff7390ec000 | 0x7ff7390edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7390ee000 | 0x7ff7390ee000 | 0x7ff7390effff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff739e30000 | 0x7ff739e7afff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e090000 | 0x7ffc3e56bfff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3e820000 | 0x7ffc3e9cffff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc3f110000 | 0x7ffc3f1a0fff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3fb50000 | 0x7ffc3fbedfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3fe00000 | 0x7ffc3ff89fff | Memory Mapped File | rwx |
|
|
|
- |
| mskeyprotect.dll | 0x7ffc42390000 | 0x7ffc423a3fff | Memory Mapped File | rwx |
|
|
|
- |
| ncryptsslp.dll | 0x7ffc42440000 | 0x7ffc4245efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc44de0000 | 0x7ffc44e92fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptnet.dll | 0x7ffc48f00000 | 0x7ffc48f2efff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc48f70000 | 0x7ffc48fe3fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| webio.dll | 0x7ffc4a100000 | 0x7ffc4a17ffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandconnroutehelper.dll | 0x7ffc4b8c0000 | 0x7ffc4b8d4fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x7ffc4c270000 | 0x7ffc4c279fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc4d190000 | 0x7ffc4d1b4fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d1c0000 | 0x7ffc4d21dfff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| fwpuclnt.dll | 0x7ffc50980000 | 0x7ffc509e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc.dll | 0x7ffc50a50000 | 0x7ffc50a69fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc6.dll | 0x7ffc50a70000 | 0x7ffc50a85fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| gpapi.dll | 0x7ffc534a0000 | 0x7ffc534c2fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| schannel.dll | 0x7ffc53980000 | 0x7ffc539f3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x7ffc53be0000 | 0x7ffc53c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x7ffc53dd0000 | 0x7ffc53e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntasn1.dll | 0x7ffc53f30000 | 0x7ffc53f65fff | Memory Mapped File | rwx |
|
|
|
- |
| ncrypt.dll | 0x7ffc53f70000 | 0x7ffc53f95fff | Memory Mapped File | rwx |
|
|
|
- |
| dpapi.dll | 0x7ffc541f0000 | 0x7ffc541f9fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7ffc55220000 | 0x7ffc5527afff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x7ffc57900000 | 0x7ffc57968fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #43: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2212 -s 776 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:34 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1194 |
| Parent PID | 0x8a4 (c:\windows\system32\backgroundtaskhost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1198
0x
11A0
0x
1244
0x
1248
0x
124C
0x
1250
0x
13E0
0x
1C98
0x
1E6C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008af12c0000 | 0x8af12c0000 | 0x8af12dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af12c0000 | 0x8af12c0000 | 0x8af12cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000008af12d0000 | 0x8af12d0000 | 0x8af12d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af12e0000 | 0x8af12e0000 | 0x8af12f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008af1300000 | 0x8af1300000 | 0x8af137ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1380000 | 0x8af1380000 | 0x8af1383fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1390000 | 0x8af1390000 | 0x8af1392fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008af13a0000 | 0x8af13a0000 | 0x8af13a1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x8af13b0000 | 0x8af146dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af1470000 | 0x8af1470000 | 0x8af14effff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af14f0000 | 0x8af14f0000 | 0x8af14f6fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x8af1500000 | 0x8af1503fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af1510000 | 0x8af1510000 | 0x8af151ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af1520000 | 0x8af1520000 | 0x8af1520fff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af1530000 | 0x8af1530000 | 0x8af1530fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1540000 | 0x8af1540000 | 0x8af1540fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000008af1550000 | 0x8af1550000 | 0x8af155ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1560000 | 0x8af1560000 | 0x8af1560fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1570000 | 0x8af1570000 | 0x8af1570fff | Pagefile Backed Memory | r |
|
|
|
- |
| faultrep.dll.mui | 0x8af1580000 | 0x8af1581fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0x8af1590000 | 0x8af1592fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af15a0000 | 0x8af15a0000 | 0x8af169ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af16a0000 | 0x8af16a0000 | 0x8af171ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af1720000 | 0x8af1720000 | 0x8af1726fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1730000 | 0x8af1730000 | 0x8af1731fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1740000 | 0x8af1740000 | 0x8af1741fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1750000 | 0x8af1750000 | 0x8af1750fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1760000 | 0x8af1760000 | 0x8af1761fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008af1770000 | 0x8af1770000 | 0x8af177ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af1780000 | 0x8af1780000 | 0x8af1907fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1910000 | 0x8af1910000 | 0x8af1a90fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008af1aa0000 | 0x8af1aa0000 | 0x8af2e9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x8af2ea0000 | 0x8af31d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af31e0000 | 0x8af31e0000 | 0x8af325ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af3260000 | 0x8af3260000 | 0x8af32dffff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x8af32e0000 | 0x8af3345fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af3350000 | 0x8af3350000 | 0x8af33cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af33d0000 | 0x8af33d0000 | 0x8af34cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af34d0000 | 0x8af34d0000 | 0x8af35cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af35d0000 | 0x8af35d0000 | 0x8af36cffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x8af36d0000 | 0x8af37aefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af37b0000 | 0x8af37b0000 | 0x8af38affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008af38b0000 | 0x8af38b0000 | 0x8af38d9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| winnlsres.dll | 0x8af38e0000 | 0x8af38e4fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll.mui | 0x8af38f0000 | 0x8af38fffff | Memory Mapped File | r |
|
|
|
- |
| mswsock.dll.mui | 0x8af3900000 | 0x8af3902fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000008af3910000 | 0x8af3910000 | 0x8af3911fff | Pagefile Backed Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x8af3920000 | 0x8af3929fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008af3930000 | 0x8af3930000 | 0x8af39affff | Private Memory | rw |
|
|
|
- |
| private_0x0000008af39b0000 | 0x8af39b0000 | 0x8af3baffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff600000 | 0x7df5ff600000 | 0x7ff5ff5fffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff738f0e000 | 0x7ff738f0e000 | 0x7ff738f0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff738f10000 | 0x7ff738f10000 | 0x7ff73900ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff739010000 | 0x7ff739010000 | 0x7ff739032fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff739033000 | 0x7ff739033000 | 0x7ff739034fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739035000 | 0x7ff739035000 | 0x7ff739036fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739037000 | 0x7ff739037000 | 0x7ff739038fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739039000 | 0x7ff739039000 | 0x7ff739039fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73903a000 | 0x7ff73903a000 | 0x7ff73903bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73903c000 | 0x7ff73903c000 | 0x7ff73903dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73903e000 | 0x7ff73903e000 | 0x7ff73903ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff739e30000 | 0x7ff739e7afff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3e820000 | 0x7ffc3e9cffff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3fb50000 | 0x7ffc3fbedfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3fe00000 | 0x7ffc3ff89fff | Memory Mapped File | rwx |
|
|
|
- |
| mskeyprotect.dll | 0x7ffc42390000 | 0x7ffc423a3fff | Memory Mapped File | rwx |
|
|
|
- |
| ncryptsslp.dll | 0x7ffc42440000 | 0x7ffc4245efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc44de0000 | 0x7ffc44e92fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptnet.dll | 0x7ffc48f00000 | 0x7ffc48f2efff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc48f70000 | 0x7ffc48fe3fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| webio.dll | 0x7ffc4a100000 | 0x7ffc4a17ffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandconnroutehelper.dll | 0x7ffc4b8c0000 | 0x7ffc4b8d4fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x7ffc4c270000 | 0x7ffc4c279fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc4d190000 | 0x7ffc4d1b4fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d1c0000 | 0x7ffc4d21dfff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| fwpuclnt.dll | 0x7ffc50980000 | 0x7ffc509e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc.dll | 0x7ffc50a50000 | 0x7ffc50a69fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc6.dll | 0x7ffc50a70000 | 0x7ffc50a85fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| gpapi.dll | 0x7ffc534a0000 | 0x7ffc534c2fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| schannel.dll | 0x7ffc53980000 | 0x7ffc539f3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x7ffc53be0000 | 0x7ffc53c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x7ffc53dd0000 | 0x7ffc53e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntasn1.dll | 0x7ffc53f30000 | 0x7ffc53f65fff | Memory Mapped File | rwx |
|
|
|
- |
| ncrypt.dll | 0x7ffc53f70000 | 0x7ffc53f95fff | Memory Mapped File | rwx |
|
|
|
- |
| dpapi.dll | 0x7ffc541f0000 | 0x7ffc541f9fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7ffc55220000 | 0x7ffc5527afff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x7ffc57900000 | 0x7ffc57968fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #44: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2532 -s 3256 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:29 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1294 |
| Parent PID | 0x9e4 (c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1298
0x
129C
0x
139C
0x
13A4
0x
13A8
0x
13B0
0x
1498
0x
1C9C
0x
1E4C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000100000000 | 0x100000000 | 0x10001ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100000000 | 0x100000000 | 0x10000ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000100010000 | 0x100010000 | 0x100016fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100020000 | 0x100020000 | 0x100033fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000100040000 | 0x100040000 | 0x1000bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001000c0000 | 0x1000c0000 | 0x1000c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001000d0000 | 0x1000d0000 | 0x1000d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001000e0000 | 0x1000e0000 | 0x1000e1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000001000f0000 | 0x1000f0000 | 0x10016ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100170000 | 0x100170000 | 0x100176fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x100180000 | 0x100183fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100190000 | 0x100190000 | 0x10028ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x100290000 | 0x10034dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100350000 | 0x100350000 | 0x100350fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100360000 | 0x100360000 | 0x100360fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100370000 | 0x100370000 | 0x100370fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000100380000 | 0x100380000 | 0x100380fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000100390000 | 0x100390000 | 0x100390fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001003a0000 | 0x1003a0000 | 0x1003affff | Private Memory | rw |
|
|
|
- |
| private_0x00000001003b0000 | 0x1003b0000 | 0x10042ffff | Private Memory | rw |
|
|
|
- |
| faultrep.dll.mui | 0x100430000 | 0x100431fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0x100440000 | 0x100442fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100450000 | 0x100450000 | 0x100456fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100460000 | 0x100460000 | 0x100461fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000100470000 | 0x100470000 | 0x100471fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000100480000 | 0x100480000 | 0x10048ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100490000 | 0x100490000 | 0x100617fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000100620000 | 0x100620000 | 0x1007a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001007b0000 | 0x1007b0000 | 0x101baffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000101bb0000 | 0x101bb0000 | 0x101c2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000101c30000 | 0x101c30000 | 0x101c30fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000101c40000 | 0x101c40000 | 0x101c41fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000101c50000 | 0x101c50000 | 0x101c79fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000101c80000 | 0x101c80000 | 0x101c8ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x101c90000 | 0x101fc6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000101fd0000 | 0x101fd0000 | 0x10204ffff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x102050000 | 0x1020b5fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000001020c0000 | 0x1020c0000 | 0x10213ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000102140000 | 0x102140000 | 0x10223ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000102240000 | 0x102240000 | 0x10233ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000102340000 | 0x102340000 | 0x10243ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000102440000 | 0x102440000 | 0x10263ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x102640000 | 0x10271efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000102720000 | 0x102720000 | 0x10281ffff | Private Memory | rw |
|
|
|
- |
| winnlsres.dll | 0x102820000 | 0x102824fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll.mui | 0x102830000 | 0x10283ffff | Memory Mapped File | r |
|
|
|
- |
| mswsock.dll.mui | 0x102840000 | 0x102842fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000102850000 | 0x102850000 | 0x102851fff | Pagefile Backed Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x102860000 | 0x102869fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000102870000 | 0x102870000 | 0x1028effff | Private Memory | rw |
|
|
|
- |
| private_0x00000001028f0000 | 0x1028f0000 | 0x10296ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe10000 | 0x7df5ffe10000 | 0x7ff5ffe0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff73921c000 | 0x7ff73921c000 | 0x7ff73921dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73921e000 | 0x7ff73921e000 | 0x7ff73921ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff739220000 | 0x7ff739220000 | 0x7ff73931ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff739320000 | 0x7ff739320000 | 0x7ff739342fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff739343000 | 0x7ff739343000 | 0x7ff739344fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739345000 | 0x7ff739345000 | 0x7ff739345fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739346000 | 0x7ff739346000 | 0x7ff739347fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff739348000 | 0x7ff739348000 | 0x7ff739349fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73934a000 | 0x7ff73934a000 | 0x7ff73934bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73934c000 | 0x7ff73934c000 | 0x7ff73934dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff73934e000 | 0x7ff73934e000 | 0x7ff73934ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff739e30000 | 0x7ff739e7afff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3e820000 | 0x7ffc3e9cffff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3fb50000 | 0x7ffc3fbedfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3fe00000 | 0x7ffc3ff89fff | Memory Mapped File | rwx |
|
|
|
- |
| mskeyprotect.dll | 0x7ffc42390000 | 0x7ffc423a3fff | Memory Mapped File | rwx |
|
|
|
- |
| ncryptsslp.dll | 0x7ffc42440000 | 0x7ffc4245efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc44de0000 | 0x7ffc44e92fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptnet.dll | 0x7ffc48f00000 | 0x7ffc48f2efff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc48f70000 | 0x7ffc48fe3fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| webio.dll | 0x7ffc4a100000 | 0x7ffc4a17ffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandconnroutehelper.dll | 0x7ffc4b8c0000 | 0x7ffc4b8d4fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x7ffc4c270000 | 0x7ffc4c279fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc4d190000 | 0x7ffc4d1b4fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d1c0000 | 0x7ffc4d21dfff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| fwpuclnt.dll | 0x7ffc50980000 | 0x7ffc509e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc.dll | 0x7ffc50a50000 | 0x7ffc50a69fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc6.dll | 0x7ffc50a70000 | 0x7ffc50a85fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| gpapi.dll | 0x7ffc534a0000 | 0x7ffc534c2fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| schannel.dll | 0x7ffc53980000 | 0x7ffc539f3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x7ffc53be0000 | 0x7ffc53c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x7ffc53dd0000 | 0x7ffc53e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntasn1.dll | 0x7ffc53f30000 | 0x7ffc53f65fff | Memory Mapped File | rwx |
|
|
|
- |
| ncrypt.dll | 0x7ffc53f70000 | 0x7ffc53f95fff | Memory Mapped File | rwx |
|
|
|
- |
| dpapi.dll | 0x7ffc541f0000 | 0x7ffc541f9fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7ffc55220000 | 0x7ffc5527afff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x7ffc57900000 | 0x7ffc57968fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #45: net.exe
0
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x138c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1390
0x
10D0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000d74bfa0000 | 0xd74bfa0000 | 0xd74bfbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d74bfa0000 | 0xd74bfa0000 | 0xd74bfaffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000d74bfc0000 | 0xd74bfc0000 | 0xd74bfd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d74bfe0000 | 0xd74bfe0000 | 0xd74c05ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d74c060000 | 0xd74c060000 | 0xd74c063fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d74c070000 | 0xd74c070000 | 0xd74c070fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d74c080000 | 0xd74c080000 | 0xd74c081fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d74c0b0000 | 0xd74c0b0000 | 0xd74c1affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xd74c1b0000 | 0xd74c26dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff670000 | 0x7df5ff670000 | 0x7ff5ff66ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9f20000 | 0x7ff7c9f20000 | 0x7ff7ca01ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca020000 | 0x7ff7ca020000 | 0x7ff7ca042fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca044000 | 0x7ff7ca044000 | 0x7ff7ca044fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca04e000 | 0x7ff7ca04e000 | 0x7ff7ca04ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #47: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:05, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x10ac |
| Parent PID | 0x138c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1174
0x
1164
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000bfb1a20000 | 0xbfb1a20000 | 0xbfb1a3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bfb1a20000 | 0xbfb1a20000 | 0xbfb1a2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000bfb1a30000 | 0xbfb1a30000 | 0xbfb1a36fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bfb1a40000 | 0xbfb1a40000 | 0xbfb1a53fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bfb1a60000 | 0xbfb1a60000 | 0xbfb1adffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bfb1ae0000 | 0xbfb1ae0000 | 0xbfb1ae3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bfb1af0000 | 0xbfb1af0000 | 0xbfb1af0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bfb1b00000 | 0xbfb1b00000 | 0xbfb1b01fff | Private Memory | rw |
|
|
|
- |
| private_0x000000bfb1b10000 | 0xbfb1b10000 | 0xbfb1b16fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xbfb1b20000 | 0xbfb1b22fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xbfb1b30000 | 0xbfb1b61fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bfb1b70000 | 0xbfb1b70000 | 0xbfb1c6ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbfb1c70000 | 0xbfb1d2dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bfb1d30000 | 0xbfb1d30000 | 0xbfb1daffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bfb1eb0000 | 0xbfb1eb0000 | 0xbfb1ebffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff360000 | 0x7df5ff360000 | 0x7ff5ff35ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648520000 | 0x7ff648520000 | 0x7ff64861ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648620000 | 0x7ff648620000 | 0x7ff648642fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64864a000 | 0x7ff64864a000 | 0x7ff64864bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64864c000 | 0x7ff64864c000 | 0x7ff64864cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64864e000 | 0x7ff64864e000 | 0x7ff64864ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1174
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xbfb1b20000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #48: net.exe
0
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1450 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1454
0x
146C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000093ed1d0000 | 0x93ed1d0000 | 0x93ed1effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000093ed1d0000 | 0x93ed1d0000 | 0x93ed1dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000093ed1f0000 | 0x93ed1f0000 | 0x93ed203fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000093ed210000 | 0x93ed210000 | 0x93ed28ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000093ed290000 | 0x93ed290000 | 0x93ed293fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000093ed2a0000 | 0x93ed2a0000 | 0x93ed2a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000093ed2b0000 | 0x93ed2b0000 | 0x93ed2b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000093ed320000 | 0x93ed320000 | 0x93ed41ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x93ed420000 | 0x93ed4ddfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff600000 | 0x7df5ff600000 | 0x7ff5ff5fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9e70000 | 0x7ff7c9e70000 | 0x7ff7c9f6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9f70000 | 0x7ff7c9f70000 | 0x7ff7c9f92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9f95000 | 0x7ff7c9f95000 | 0x7ff7c9f95fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9f9e000 | 0x7ff7c9f9e000 | 0x7ff7c9f9ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #50: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1470 |
| Parent PID | 0x1450 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1474
0x
1478
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000bbca9c0000 | 0xbbca9c0000 | 0xbbca9dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bbca9c0000 | 0xbbca9c0000 | 0xbbca9cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000bbca9d0000 | 0xbbca9d0000 | 0xbbca9d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bbca9e0000 | 0xbbca9e0000 | 0xbbca9f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bbcaa00000 | 0xbbcaa00000 | 0xbbcaa7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bbcaa80000 | 0xbbcaa80000 | 0xbbcaa83fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bbcaa90000 | 0xbbcaa90000 | 0xbbcaa90fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bbcaaa0000 | 0xbbcaaa0000 | 0xbbcaaa1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbbcaab0000 | 0xbbcab6dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bbcab70000 | 0xbbcab70000 | 0xbbcab76fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xbbcab80000 | 0xbbcab82fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000bbcab90000 | 0xbbcab90000 | 0xbbcac8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bbcac90000 | 0xbbcac90000 | 0xbbcad0ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xbbcad10000 | 0xbbcad41fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bbcae30000 | 0xbbcae30000 | 0xbbcae3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff940000 | 0x7df5ff940000 | 0x7ff5ff93ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648610000 | 0x7ff648610000 | 0x7ff64870ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648710000 | 0x7ff648710000 | 0x7ff648732fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648733000 | 0x7ff648733000 | 0x7ff648733fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64873c000 | 0x7ff64873c000 | 0x7ff64873dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64873e000 | 0x7ff64873e000 | 0x7ff64873ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50da0000 | 0x7ffc50db3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1474
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xbbcab80000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #51: net.exe
0
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:15, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x17c8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
17CC
0x
186C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000408ee70000 | 0x408ee70000 | 0x408ee8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000408ee70000 | 0x408ee70000 | 0x408ee7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000408ee90000 | 0x408ee90000 | 0x408eea3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000408eeb0000 | 0x408eeb0000 | 0x408ef2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000408ef30000 | 0x408ef30000 | 0x408ef33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000408ef40000 | 0x408ef40000 | 0x408ef40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000408ef50000 | 0x408ef50000 | 0x408ef51fff | Private Memory | rw |
|
|
|
- |
| private_0x000000408efb0000 | 0x408efb0000 | 0x408f0affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x408f0b0000 | 0x408f16dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff810000 | 0x7df5ff810000 | 0x7ff5ff80ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9e20000 | 0x7ff7c9e20000 | 0x7ff7c9f1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9f20000 | 0x7ff7c9f20000 | 0x7ff7c9f42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9f4c000 | 0x7ff7c9f4c000 | 0x7ff7c9f4cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9f4e000 | 0x7ff7c9f4e000 | 0x7ff7c9f4ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #53: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1890 |
| Parent PID | 0x17c8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1894
0x
1908
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b4f3f00000 | 0xb4f3f00000 | 0xb4f3f1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b4f3f00000 | 0xb4f3f00000 | 0xb4f3f0ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b4f3f10000 | 0xb4f3f10000 | 0xb4f3f16fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b4f3f20000 | 0xb4f3f20000 | 0xb4f3f33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b4f3f40000 | 0xb4f3f40000 | 0xb4f3fbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b4f3fc0000 | 0xb4f3fc0000 | 0xb4f3fc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b4f3fd0000 | 0xb4f3fd0000 | 0xb4f3fd0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b4f3fe0000 | 0xb4f3fe0000 | 0xb4f3fe1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000b4f3ff0000 | 0xb4f3ff0000 | 0xb4f3ff6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xb4f4000000 | 0xb4f4002fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000b4f4030000 | 0xb4f4030000 | 0xb4f412ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb4f4130000 | 0xb4f41edfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b4f41f0000 | 0xb4f41f0000 | 0xb4f426ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xb4f4270000 | 0xb4f42a1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b4f43a0000 | 0xb4f43a0000 | 0xb4f43affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff170000 | 0x7df5ff170000 | 0x7ff5ff16ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6484a0000 | 0x7ff6484a0000 | 0x7ff64859ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6485a0000 | 0x7ff6485a0000 | 0x7ff6485c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6485c8000 | 0x7ff6485c8000 | 0x7ff6485c8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6485cc000 | 0x7ff6485cc000 | 0x7ff6485cdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6485ce000 | 0x7ff6485ce000 | 0x7ff6485cffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1894
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xb4f4000000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #54: net.exe
0
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:17, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1944 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1948
0x
19A8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b1ef020000 | 0xb1ef020000 | 0xb1ef03ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b1ef020000 | 0xb1ef020000 | 0xb1ef02ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000b1ef040000 | 0xb1ef040000 | 0xb1ef053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b1ef060000 | 0xb1ef060000 | 0xb1ef0dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b1ef0e0000 | 0xb1ef0e0000 | 0xb1ef0e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b1ef0f0000 | 0xb1ef0f0000 | 0xb1ef0f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b1ef100000 | 0xb1ef100000 | 0xb1ef101fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb1ef110000 | 0xb1ef1cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b1ef1e0000 | 0xb1ef1e0000 | 0xb1ef2dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff7a0000 | 0x7df5ff7a0000 | 0x7ff5ff79ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca1d0000 | 0x7ff7ca1d0000 | 0x7ff7ca2cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca2d0000 | 0x7ff7ca2d0000 | 0x7ff7ca2f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca2f5000 | 0x7ff7ca2f5000 | 0x7ff7ca2f5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca2fe000 | 0x7ff7ca2fe000 | 0x7ff7ca2fffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #56: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x19c4 |
| Parent PID | 0x1944 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
19C8
0x
19CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000004d79c70000 | 0x4d79c70000 | 0x4d79c8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004d79c70000 | 0x4d79c70000 | 0x4d79c7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000004d79c80000 | 0x4d79c80000 | 0x4d79c86fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004d79c90000 | 0x4d79c90000 | 0x4d79ca3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004d79cb0000 | 0x4d79cb0000 | 0x4d79d2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004d79d30000 | 0x4d79d30000 | 0x4d79d33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004d79d40000 | 0x4d79d40000 | 0x4d79d40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004d79d50000 | 0x4d79d50000 | 0x4d79d51fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x4d79d60000 | 0x4d79e1dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004d79e20000 | 0x4d79e20000 | 0x4d79e26fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x4d79e30000 | 0x4d79e32fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x4d79e40000 | 0x4d79e71fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004d79e90000 | 0x4d79e90000 | 0x4d79f8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004d79f90000 | 0x4d79f90000 | 0x4d7a00ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004d7a080000 | 0x4d7a080000 | 0x4d7a08ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff0b0000 | 0x7df5ff0b0000 | 0x7ff5ff0affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648a90000 | 0x7ff648a90000 | 0x7ff648b8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648b90000 | 0x7ff648b90000 | 0x7ff648bb2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648bb8000 | 0x7ff648bb8000 | 0x7ff648bb8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648bbc000 | 0x7ff648bbc000 | 0x7ff648bbdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648bbe000 | 0x7ff648bbe000 | 0x7ff648bbffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x19c8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x4d79e30000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #57: net.exe
0
0
| Information | Value |
|---|---|
| ID | #57 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:27, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ef8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1EFC
0x
2014
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000009acd0e0000 | 0x9acd0e0000 | 0x9acd0fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009acd0e0000 | 0x9acd0e0000 | 0x9acd0effff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000009acd100000 | 0x9acd100000 | 0x9acd113fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009acd120000 | 0x9acd120000 | 0x9acd19ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009acd1a0000 | 0x9acd1a0000 | 0x9acd1a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009acd1b0000 | 0x9acd1b0000 | 0x9acd1b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009acd1c0000 | 0x9acd1c0000 | 0x9acd1c1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x9acd1d0000 | 0x9acd28dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009acd350000 | 0x9acd350000 | 0x9acd44ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff640000 | 0x7df5ff640000 | 0x7ff5ff63ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca470000 | 0x7ff7ca470000 | 0x7ff7ca56ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca570000 | 0x7ff7ca570000 | 0x7ff7ca592fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca59d000 | 0x7ff7ca59d000 | 0x7ff7ca59efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca59f000 | 0x7ff7ca59f000 | 0x7ff7ca59ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #59: net.exe
0
0
| Information | Value |
|---|---|
| ID | #59 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:29, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1f88 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1F8C
0x
2060
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000062cb050000 | 0x62cb050000 | 0x62cb06ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000062cb050000 | 0x62cb050000 | 0x62cb05ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000062cb070000 | 0x62cb070000 | 0x62cb083fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000062cb090000 | 0x62cb090000 | 0x62cb10ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000062cb110000 | 0x62cb110000 | 0x62cb113fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000062cb120000 | 0x62cb120000 | 0x62cb120fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000062cb130000 | 0x62cb130000 | 0x62cb131fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x62cb140000 | 0x62cb1fdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000062cb2c0000 | 0x62cb2c0000 | 0x62cb3bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffaf0000 | 0x7df5ffaf0000 | 0x7ff5ffaeffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca420000 | 0x7ff7ca420000 | 0x7ff7ca51ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca520000 | 0x7ff7ca520000 | 0x7ff7ca542fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca544000 | 0x7ff7ca544000 | 0x7ff7ca544fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca54e000 | 0x7ff7ca54e000 | 0x7ff7ca54ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #61: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #61 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2058 |
| Parent PID | 0x1ef8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
205C
0x
2064
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e89fd40000 | 0xe89fd40000 | 0xe89fd5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e89fd40000 | 0xe89fd40000 | 0xe89fd4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e89fd50000 | 0xe89fd50000 | 0xe89fd56fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e89fd60000 | 0xe89fd60000 | 0xe89fd73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e89fd80000 | 0xe89fd80000 | 0xe89fdfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e89fe00000 | 0xe89fe00000 | 0xe89fe03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e89fe10000 | 0xe89fe10000 | 0xe89fe10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e89fe20000 | 0xe89fe20000 | 0xe89fe21fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe89fe30000 | 0xe89feedfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e89fef0000 | 0xe89fef0000 | 0xe89ff6ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000e89ff70000 | 0xe89ff70000 | 0xe89ff76fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e89ff80000 | 0xe89ff80000 | 0xe89ff8ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe89ff90000 | 0xe89ff92fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000e89ffc0000 | 0xe89ffc0000 | 0xe8a00bffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xe8a00c0000 | 0xe8a00f1fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffb70000 | 0x7df5ffb70000 | 0x7ff5ffb6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff647ff0000 | 0x7ff647ff0000 | 0x7ff6480effff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6480f0000 | 0x7ff6480f0000 | 0x7ff648112fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64811b000 | 0x7ff64811b000 | 0x7ff64811cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64811d000 | 0x7ff64811d000 | 0x7ff64811efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64811f000 | 0x7ff64811f000 | 0x7ff64811ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x205c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe89ff90000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #62: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #62 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x206c |
| Parent PID | 0x1f88 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2070
0x
2078
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006bdb560000 | 0x6bdb560000 | 0x6bdb57ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006bdb560000 | 0x6bdb560000 | 0x6bdb56ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000006bdb570000 | 0x6bdb570000 | 0x6bdb576fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006bdb580000 | 0x6bdb580000 | 0x6bdb593fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006bdb5a0000 | 0x6bdb5a0000 | 0x6bdb61ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006bdb620000 | 0x6bdb620000 | 0x6bdb623fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006bdb630000 | 0x6bdb630000 | 0x6bdb630fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006bdb640000 | 0x6bdb640000 | 0x6bdb641fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x6bdb650000 | 0x6bdb70dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006bdb710000 | 0x6bdb710000 | 0x6bdb716fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x6bdb720000 | 0x6bdb722fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000006bdb730000 | 0x6bdb730000 | 0x6bdb82ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000006bdb830000 | 0x6bdb830000 | 0x6bdb8affff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x6bdb8b0000 | 0x6bdb8e1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006bdb920000 | 0x6bdb920000 | 0x6bdb92ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff470000 | 0x7df5ff470000 | 0x7ff5ff46ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff647f40000 | 0x7ff647f40000 | 0x7ff64803ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648040000 | 0x7ff648040000 | 0x7ff648062fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64806b000 | 0x7ff64806b000 | 0x7ff64806cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64806d000 | 0x7ff64806d000 | 0x7ff64806efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64806f000 | 0x7ff64806f000 | 0x7ff64806ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2070
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x6bdb720000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #63: net.exe
0
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:38, Reason: Child Process |
| Unmonitor | End Time: 00:02:43, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x139c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1C9C
0x
2090
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000002c6b0e0000 | 0x2c6b0e0000 | 0x2c6b0fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002c6b0e0000 | 0x2c6b0e0000 | 0x2c6b0effff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000002c6b100000 | 0x2c6b100000 | 0x2c6b113fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002c6b120000 | 0x2c6b120000 | 0x2c6b19ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002c6b1a0000 | 0x2c6b1a0000 | 0x2c6b1a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000002c6b1b0000 | 0x2c6b1b0000 | 0x2c6b1b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002c6b1c0000 | 0x2c6b1c0000 | 0x2c6b1c1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000002c6b220000 | 0x2c6b220000 | 0x2c6b31ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x2c6b320000 | 0x2c6b3ddfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffc10000 | 0x7df5ffc10000 | 0x7ff5ffc0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9c40000 | 0x7ff7c9c40000 | 0x7ff7c9d3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9d40000 | 0x7ff7c9d40000 | 0x7ff7c9d62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9d63000 | 0x7ff7c9d63000 | 0x7ff7c9d63fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9d6e000 | 0x7ff7c9d6e000 | 0x7ff7c9d6ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #65: net.exe
0
0
| Information | Value |
|---|---|
| ID | #65 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:43, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa9c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AA0
0x
24A0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008d09a00000 | 0x8d09a00000 | 0x8d09a1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008d09a00000 | 0x8d09a00000 | 0x8d09a0ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000008d09a20000 | 0x8d09a20000 | 0x8d09a33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008d09a40000 | 0x8d09a40000 | 0x8d09abffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008d09ac0000 | 0x8d09ac0000 | 0x8d09ac3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008d09ad0000 | 0x8d09ad0000 | 0x8d09ad0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008d09ae0000 | 0x8d09ae0000 | 0x8d09ae1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x8d09af0000 | 0x8d09badfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000008d09c40000 | 0x8d09c40000 | 0x8d09d3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5fffc0000 | 0x7df5fffc0000 | 0x7ff5fffbffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca4c0000 | 0x7ff7ca4c0000 | 0x7ff7ca5bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca5c0000 | 0x7ff7ca5c0000 | 0x7ff7ca5e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca5ed000 | 0x7ff7ca5ed000 | 0x7ff7ca5edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca5ee000 | 0x7ff7ca5ee000 | 0x7ff7ca5effff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #67: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #67 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:41, Reason: Child Process |
| Unmonitor | End Time: 00:02:42, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2428 |
| Parent PID | 0x139c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
242C
0x
2518
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000060ba340000 | 0x60ba340000 | 0x60ba35ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000060ba340000 | 0x60ba340000 | 0x60ba34ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000060ba350000 | 0x60ba350000 | 0x60ba356fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000060ba360000 | 0x60ba360000 | 0x60ba373fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000060ba380000 | 0x60ba380000 | 0x60ba3fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000060ba400000 | 0x60ba400000 | 0x60ba403fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000060ba410000 | 0x60ba410000 | 0x60ba410fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000060ba420000 | 0x60ba420000 | 0x60ba421fff | Private Memory | rw |
|
|
|
- |
| private_0x00000060ba430000 | 0x60ba430000 | 0x60ba52ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x60ba530000 | 0x60ba5edfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000060ba5f0000 | 0x60ba5f0000 | 0x60ba66ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000060ba670000 | 0x60ba670000 | 0x60ba676fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x60ba680000 | 0x60ba682fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x60ba690000 | 0x60ba6c1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000060ba830000 | 0x60ba830000 | 0x60ba83ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff230000 | 0x7df5ff230000 | 0x7ff5ff22ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648190000 | 0x7ff648190000 | 0x7ff64828ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648290000 | 0x7ff648290000 | 0x7ff6482b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6482b5000 | 0x7ff6482b5000 | 0x7ff6482b5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482bc000 | 0x7ff6482bc000 | 0x7ff6482bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482be000 | 0x7ff6482be000 | 0x7ff6482bffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x242c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x60ba680000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #68: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #68 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:42, Reason: Child Process |
| Unmonitor | End Time: 00:02:43, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2550 |
| Parent PID | 0xa9c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2554
0x
2590
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ba533b0000 | 0xba533b0000 | 0xba533cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba533b0000 | 0xba533b0000 | 0xba533bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ba533c0000 | 0xba533c0000 | 0xba533c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba533d0000 | 0xba533d0000 | 0xba533e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ba533f0000 | 0xba533f0000 | 0xba5346ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba53470000 | 0xba53470000 | 0xba53473fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ba53480000 | 0xba53480000 | 0xba53480fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ba53490000 | 0xba53490000 | 0xba53491fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xba534a0000 | 0xba5355dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ba53560000 | 0xba53560000 | 0xba53566fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xba53570000 | 0xba53572fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xba53580000 | 0xba535b1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ba535c0000 | 0xba535c0000 | 0xba536bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ba536c0000 | 0xba536c0000 | 0xba5373ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ba538d0000 | 0xba538d0000 | 0xba538dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffed0000 | 0x7df5ffed0000 | 0x7ff5ffecffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff647f70000 | 0x7ff647f70000 | 0x7ff64806ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648070000 | 0x7ff648070000 | 0x7ff648092fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64809b000 | 0x7ff64809b000 | 0x7ff64809bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64809c000 | 0x7ff64809c000 | 0x7ff64809dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64809e000 | 0x7ff64809e000 | 0x7ff64809ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2554
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xba53570000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #69: net.exe
0
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:53, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x29d4 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
29D8
0x
2B68
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000043b2380000 | 0x43b2380000 | 0x43b239ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000043b2380000 | 0x43b2380000 | 0x43b238ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000043b23a0000 | 0x43b23a0000 | 0x43b23b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000043b23c0000 | 0x43b23c0000 | 0x43b243ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000043b2440000 | 0x43b2440000 | 0x43b2443fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000043b2450000 | 0x43b2450000 | 0x43b2450fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000043b2460000 | 0x43b2460000 | 0x43b2461fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x43b2470000 | 0x43b252dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000043b25f0000 | 0x43b25f0000 | 0x43b26effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffed0000 | 0x7df5ffed0000 | 0x7ff5ffecffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9eb0000 | 0x7ff7c9eb0000 | 0x7ff7c9faffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7c9fb0000 | 0x7ff7c9fb0000 | 0x7ff7c9fd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9fdd000 | 0x7ff7c9fdd000 | 0x7ff7c9fddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9fde000 | 0x7ff7c9fde000 | 0x7ff7c9fdffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #71: net.exe
0
0
| Information | Value |
|---|---|
| ID | #71 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:54, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2a98 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2A9C
0x
2C08
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000bf64860000 | 0xbf64860000 | 0xbf6487ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bf64860000 | 0xbf64860000 | 0xbf6486ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000bf64880000 | 0xbf64880000 | 0xbf64893fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bf648a0000 | 0xbf648a0000 | 0xbf6491ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bf64920000 | 0xbf64920000 | 0xbf64923fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bf64930000 | 0xbf64930000 | 0xbf64930fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bf64940000 | 0xbf64940000 | 0xbf64941fff | Private Memory | rw |
|
|
|
- |
| private_0x000000bf649c0000 | 0xbf649c0000 | 0xbf64abffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbf64ac0000 | 0xbf64b7dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff210000 | 0x7df5ff210000 | 0x7ff5ff20ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca370000 | 0x7ff7ca370000 | 0x7ff7ca46ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca470000 | 0x7ff7ca470000 | 0x7ff7ca492fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca49d000 | 0x7ff7ca49d000 | 0x7ff7ca49efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca49f000 | 0x7ff7ca49f000 | 0x7ff7ca49ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #73: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #73 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:52, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2a60 |
| Parent PID | 0x29d4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1AC0
0x
2C0C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000be7490000 | 0xbe7490000 | 0xbe74affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000be7490000 | 0xbe7490000 | 0xbe749ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000be74a0000 | 0xbe74a0000 | 0xbe74a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000be74b0000 | 0xbe74b0000 | 0xbe74c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000be74d0000 | 0xbe74d0000 | 0xbe754ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000be7550000 | 0xbe7550000 | 0xbe7553fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000be7560000 | 0xbe7560000 | 0xbe7560fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000be7570000 | 0xbe7570000 | 0xbe7571fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000be7580000 | 0xbe7580000 | 0xbe7586fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xbe7590000 | 0xbe7592fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xbe75a0000 | 0xbe75d1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000be75e0000 | 0xbe75e0000 | 0xbe76dffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbe76e0000 | 0xbe779dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000be77a0000 | 0xbe77a0000 | 0xbe781ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000be7970000 | 0xbe7970000 | 0xbe797ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2a0000 | 0x7df5ff2a0000 | 0x7ff5ff29ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648b50000 | 0x7ff648b50000 | 0x7ff648c4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648c50000 | 0x7ff648c50000 | 0x7ff648c72fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648c77000 | 0x7ff648c77000 | 0x7ff648c77fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c7c000 | 0x7ff648c7c000 | 0x7ff648c7dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c7e000 | 0x7ff648c7e000 | 0x7ff648c7ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50e30000 | 0x7ffc50e43fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1ac0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xbe7590000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #74: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #74 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:52, Reason: Child Process |
| Unmonitor | End Time: 00:02:53, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2c10 |
| Parent PID | 0x2a98 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2C14
0x
2C18
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000af4e9f0000 | 0xaf4e9f0000 | 0xaf4ea0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000af4e9f0000 | 0xaf4e9f0000 | 0xaf4e9fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000af4ea00000 | 0xaf4ea00000 | 0xaf4ea06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000af4ea10000 | 0xaf4ea10000 | 0xaf4ea23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000af4ea30000 | 0xaf4ea30000 | 0xaf4eaaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000af4eab0000 | 0xaf4eab0000 | 0xaf4eab3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000af4eac0000 | 0xaf4eac0000 | 0xaf4eac0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000af4ead0000 | 0xaf4ead0000 | 0xaf4ead1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000af4eae0000 | 0xaf4eae0000 | 0xaf4eb5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000af4eb60000 | 0xaf4eb60000 | 0xaf4eb66fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xaf4eb70000 | 0xaf4eb72fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000af4eb90000 | 0xaf4eb90000 | 0xaf4ec8ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xaf4ec90000 | 0xaf4ed4dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0xaf4ed50000 | 0xaf4ed81fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000af4ee00000 | 0xaf4ee00000 | 0xaf4ee0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2e0000 | 0x7df5ff2e0000 | 0x7ff5ff2dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648d80000 | 0x7ff648d80000 | 0x7ff648e7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648e80000 | 0x7ff648e80000 | 0x7ff648ea2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648eaa000 | 0x7ff648eaa000 | 0x7ff648eaafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648eac000 | 0x7ff648eac000 | 0x7ff648eadfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648eae000 | 0x7ff648eae000 | 0x7ff648eaffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50e30000 | 0x7ffc50e43fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2c14
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xaf4eb70000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #75: net.exe
0
0
| Information | Value |
|---|---|
| ID | #75 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:00, Reason: Child Process |
| Unmonitor | End Time: 00:03:07, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x33f8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
33FC
0x
3724
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e6c5fd0000 | 0xe6c5fd0000 | 0xe6c5feffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e6c5fd0000 | 0xe6c5fd0000 | 0xe6c5fdffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000e6c5ff0000 | 0xe6c5ff0000 | 0xe6c6003fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e6c6010000 | 0xe6c6010000 | 0xe6c608ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e6c6090000 | 0xe6c6090000 | 0xe6c6093fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e6c60a0000 | 0xe6c60a0000 | 0xe6c60a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e6c60b0000 | 0xe6c60b0000 | 0xe6c60b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe6c60c0000 | 0xe6c617dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e6c6270000 | 0xe6c6270000 | 0xe6c636ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffce0000 | 0x7df5ffce0000 | 0x7ff5ffcdffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca510000 | 0x7ff7ca510000 | 0x7ff7ca60ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca610000 | 0x7ff7ca610000 | 0x7ff7ca632fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca63a000 | 0x7ff7ca63a000 | 0x7ff7ca63afff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca63e000 | 0x7ff7ca63e000 | 0x7ff7ca63ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #77: net.exe
0
0
| Information | Value |
|---|---|
| ID | #77 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:01, Reason: Child Process |
| Unmonitor | End Time: 00:03:06, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x35e0 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
35E4
0x
3804
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007484570000 | 0x7484570000 | 0x748458ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007484570000 | 0x7484570000 | 0x748457ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000007484590000 | 0x7484590000 | 0x74845a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000074845b0000 | 0x74845b0000 | 0x748462ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007484630000 | 0x7484630000 | 0x7484633fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007484640000 | 0x7484640000 | 0x7484640fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007484650000 | 0x7484650000 | 0x7484651fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7484660000 | 0x748471dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007484750000 | 0x7484750000 | 0x748484ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa40000 | 0x7df5ffa40000 | 0x7ff5ffa3ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca940000 | 0x7ff7ca940000 | 0x7ff7caa3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7caa40000 | 0x7ff7caa40000 | 0x7ff7caa62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7caa6d000 | 0x7ff7caa6d000 | 0x7ff7caa6efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7caa6f000 | 0x7ff7caa6f000 | 0x7ff7caa6ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #79: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #79 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:02, Reason: Child Process |
| Unmonitor | End Time: 00:03:06, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x37e4 |
| Parent PID | 0x33f8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
37E8
0x
3834
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000043323b0000 | 0x43323b0000 | 0x43323cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000043323b0000 | 0x43323b0000 | 0x43323bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000043323c0000 | 0x43323c0000 | 0x43323c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000043323d0000 | 0x43323d0000 | 0x43323e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000043323f0000 | 0x43323f0000 | 0x433246ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004332470000 | 0x4332470000 | 0x4332473fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004332480000 | 0x4332480000 | 0x4332480fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004332490000 | 0x4332490000 | 0x4332491fff | Private Memory | rw |
|
|
|
- |
| private_0x00000043324a0000 | 0x43324a0000 | 0x433251ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004332520000 | 0x4332520000 | 0x4332526fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x4332530000 | 0x4332532fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000004332550000 | 0x4332550000 | 0x433264ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x4332650000 | 0x433270dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0x4332710000 | 0x4332741fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000043328f0000 | 0x43328f0000 | 0x43328fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff8b0000 | 0x7df5ff8b0000 | 0x7ff5ff8affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648380000 | 0x7ff648380000 | 0x7ff64847ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648480000 | 0x7ff648480000 | 0x7ff6484a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6484a7000 | 0x7ff6484a7000 | 0x7ff6484a7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484ac000 | 0x7ff6484ac000 | 0x7ff6484adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484ae000 | 0x7ff6484ae000 | 0x7ff6484affff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50e30000 | 0x7ffc50e43fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x37e8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x4332530000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #80: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #80 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:03, Reason: Child Process |
| Unmonitor | End Time: 00:03:06, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x38b0 |
| Parent PID | 0x35e0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
38B4
0x
3970
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000630f8e0000 | 0x630f8e0000 | 0x630f8fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000630f8e0000 | 0x630f8e0000 | 0x630f8effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000630f8f0000 | 0x630f8f0000 | 0x630f8f6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000630f900000 | 0x630f900000 | 0x630f913fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000630f920000 | 0x630f920000 | 0x630f99ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000630f9a0000 | 0x630f9a0000 | 0x630f9a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000630f9b0000 | 0x630f9b0000 | 0x630f9b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000630f9c0000 | 0x630f9c0000 | 0x630f9c1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x630f9d0000 | 0x630fa8dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000630fa90000 | 0x630fa90000 | 0x630fb0ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000630fb10000 | 0x630fb10000 | 0x630fb16fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x630fb20000 | 0x630fb22fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x630fb30000 | 0x630fb61fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000630fbb0000 | 0x630fbb0000 | 0x630fcaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000630fe00000 | 0x630fe00000 | 0x630fe0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff050000 | 0x7df5ff050000 | 0x7ff5ff04ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648e10000 | 0x7ff648e10000 | 0x7ff648f0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648f10000 | 0x7ff648f10000 | 0x7ff648f32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648f3a000 | 0x7ff648f3a000 | 0x7ff648f3bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648f3c000 | 0x7ff648f3c000 | 0x7ff648f3dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648f3e000 | 0x7ff648f3e000 | 0x7ff648f3efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc50e30000 | 0x7ffc50e43fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x38b4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x630fb20000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #81: net.exe
0
0
| Information | Value |
|---|---|
| ID | #81 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:10, Reason: Child Process |
| Unmonitor | End Time: 00:03:17, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x44d8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
44DC
0x
46D8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000fdfe580000 | 0xfdfe580000 | 0xfdfe59ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fdfe580000 | 0xfdfe580000 | 0xfdfe58ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000fdfe5a0000 | 0xfdfe5a0000 | 0xfdfe5b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fdfe5c0000 | 0xfdfe5c0000 | 0xfdfe63ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fdfe640000 | 0xfdfe640000 | 0xfdfe643fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000fdfe650000 | 0xfdfe650000 | 0xfdfe650fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fdfe660000 | 0xfdfe660000 | 0xfdfe661fff | Private Memory | rw |
|
|
|
- |
| private_0x000000fdfe6e0000 | 0xfdfe6e0000 | 0xfdfe7dffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xfdfe7e0000 | 0xfdfe89dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff3b0000 | 0x7df5ff3b0000 | 0x7ff5ff3affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca720000 | 0x7ff7ca720000 | 0x7ff7ca81ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7ca820000 | 0x7ff7ca820000 | 0x7ff7ca842fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca84d000 | 0x7ff7ca84d000 | 0x7ff7ca84efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca84f000 | 0x7ff7ca84f000 | 0x7ff7ca84ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #83: net.exe
0
0
| Information | Value |
|---|---|
| ID | #83 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:12, Reason: Child Process |
| Unmonitor | End Time: 00:03:18, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x46e0 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
46E4
0x
497C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000066c4430000 | 0x66c4430000 | 0x66c444ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000066c4450000 | 0x66c4450000 | 0x66c4463fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000066c4470000 | 0x66c4470000 | 0x66c44effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000066c44f0000 | 0x66c44f0000 | 0x66c44f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000066c4500000 | 0x66c4500000 | 0x66c4500fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000066c4510000 | 0x66c4510000 | 0x66c4511fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5d0000 | 0x7df5ff5d0000 | 0x7ff5ff5cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca850000 | 0x7ff7ca850000 | 0x7ff7ca872fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca876000 | 0x7ff7ca876000 | 0x7ff7ca876fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca87e000 | 0x7ff7ca87e000 | 0x7ff7ca87ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #85: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #85 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:12, Reason: Child Process |
| Unmonitor | End Time: 00:03:16, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4744 |
| Parent PID | 0x44d8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4748
0x
485C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000cebca10000 | 0xcebca10000 | 0xcebca2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000cebca10000 | 0xcebca10000 | 0xcebca1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000cebca20000 | 0xcebca20000 | 0xcebca26fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000cebca30000 | 0xcebca30000 | 0xcebca43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000cebca50000 | 0xcebca50000 | 0xcebcacffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000cebcad0000 | 0xcebcad0000 | 0xcebcad3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000cebcae0000 | 0xcebcae0000 | 0xcebcae0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000cebcaf0000 | 0xcebcaf0000 | 0xcebcaf1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xcebcb00000 | 0xcebcbbdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000cebcbc0000 | 0xcebcbc0000 | 0xcebcc3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000cebcc40000 | 0xcebcc40000 | 0xcebcc46fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xcebcc50000 | 0xcebcc52fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xcebcc60000 | 0xcebcc91fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000cebccb0000 | 0xcebccb0000 | 0xcebcdaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000cebcf30000 | 0xcebcf30000 | 0xcebcf3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe70000 | 0x7df5ffe70000 | 0x7ff5ffe6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648690000 | 0x7ff648690000 | 0x7ff64878ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648790000 | 0x7ff648790000 | 0x7ff6487b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6487ba000 | 0x7ff6487ba000 | 0x7ff6487bbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6487bc000 | 0x7ff6487bc000 | 0x7ff6487bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6487be000 | 0x7ff6487be000 | 0x7ff6487befff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x4748
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xcebcc50000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #86: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #86 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:14, Reason: Child Process |
| Unmonitor | End Time: 00:03:18, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a94 |
| Parent PID | 0x46e0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4A98
0x
4BC4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000065ae760000 | 0x65ae760000 | 0x65ae77ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000065ae760000 | 0x65ae760000 | 0x65ae76ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000065ae770000 | 0x65ae770000 | 0x65ae776fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000065ae780000 | 0x65ae780000 | 0x65ae793fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000065ae7a0000 | 0x65ae7a0000 | 0x65ae81ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000065ae820000 | 0x65ae820000 | 0x65ae823fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000065ae830000 | 0x65ae830000 | 0x65ae830fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000065ae840000 | 0x65ae840000 | 0x65ae841fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x65ae850000 | 0x65ae90dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000065ae910000 | 0x65ae910000 | 0x65ae916fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x65ae920000 | 0x65ae922fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000065ae930000 | 0x65ae930000 | 0x65aea2ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000065aea30000 | 0x65aea30000 | 0x65aeaaffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x65aeab0000 | 0x65aeae1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000065aec10000 | 0x65aec10000 | 0x65aec1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffb70000 | 0x7df5ffb70000 | 0x7ff5ffb6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648ce0000 | 0x7ff648ce0000 | 0x7ff648ddffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648de0000 | 0x7ff648de0000 | 0x7ff648e02fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648e06000 | 0x7ff648e06000 | 0x7ff648e06fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648e0c000 | 0x7ff648e0c000 | 0x7ff648e0dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648e0e000 | 0x7ff648e0e000 | 0x7ff648e0ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x4a98
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x65ae920000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #87: net.exe
0
0
| Information | Value |
|---|---|
| ID | #87 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:21, Reason: Child Process |
| Unmonitor | End Time: 00:03:21, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x552c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5530
0x
554C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000002d577d0000 | 0x2d577d0000 | 0x2d577effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002d577f0000 | 0x2d577f0000 | 0x2d57803fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002d57810000 | 0x2d57810000 | 0x2d5788ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002d57890000 | 0x2d57890000 | 0x2d57893fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000002d578a0000 | 0x2d578a0000 | 0x2d578a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002d578b0000 | 0x2d578b0000 | 0x2d578b1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5b0000 | 0x7df5ff5b0000 | 0x7ff5ff5affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca140000 | 0x7ff7ca140000 | 0x7ff7ca162fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca16d000 | 0x7ff7ca16d000 | 0x7ff7ca16efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca16f000 | 0x7ff7ca16f000 | 0x7ff7ca16ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #89: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #89 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:21, Reason: Child Process |
| Unmonitor | End Time: 00:03:21, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5550 |
| Parent PID | 0x552c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5554
0x
5558
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000eca14b0000 | 0xeca14b0000 | 0xeca14cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000eca14b0000 | 0xeca14b0000 | 0xeca14bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000eca14c0000 | 0xeca14c0000 | 0xeca14c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000eca14d0000 | 0xeca14d0000 | 0xeca14e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000eca14f0000 | 0xeca14f0000 | 0xeca156ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000eca1570000 | 0xeca1570000 | 0xeca1573fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000eca1580000 | 0xeca1580000 | 0xeca1580fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000eca1590000 | 0xeca1590000 | 0xeca1591fff | Private Memory | rw |
|
|
|
- |
| private_0x000000eca15a0000 | 0xeca15a0000 | 0xeca161ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000eca1620000 | 0xeca1620000 | 0xeca1626fff | Private Memory | rw |
|
|
|
- |
| private_0x000000eca1630000 | 0xeca1630000 | 0xeca172ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xeca1730000 | 0xeca17edfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll | 0xeca17f0000 | 0xeca17f2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xeca1800000 | 0xeca1831fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000eca18d0000 | 0xeca18d0000 | 0xeca18dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe80000 | 0x7df5ffe80000 | 0x7ff5ffe7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6483b0000 | 0x7ff6483b0000 | 0x7ff6484affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6484b0000 | 0x7ff6484b0000 | 0x7ff6484d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6484d4000 | 0x7ff6484d4000 | 0x7ff6484d4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484dc000 | 0x7ff6484dc000 | 0x7ff6484ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484de000 | 0x7ff6484de000 | 0x7ff6484dffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5554
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xeca17f0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #90: net.exe
0
0
| Information | Value |
|---|---|
| ID | #90 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:22, Reason: Child Process |
| Unmonitor | End Time: 00:03:23, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x55d4 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
55D8
0x
55F0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001b20670000 | 0x1b20670000 | 0x1b2068ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001b20690000 | 0x1b20690000 | 0x1b206a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001b206b0000 | 0x1b206b0000 | 0x1b2072ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001b20730000 | 0x1b20730000 | 0x1b20733fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001b20740000 | 0x1b20740000 | 0x1b20740fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001b20750000 | 0x1b20750000 | 0x1b20751fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffd50000 | 0x7df5ffd50000 | 0x7ff5ffd4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca4a0000 | 0x7ff7ca4a0000 | 0x7ff7ca4c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca4cb000 | 0x7ff7ca4cb000 | 0x7ff7ca4cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca4ce000 | 0x7ff7ca4ce000 | 0x7ff7ca4cffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #92: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #92 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:23, Reason: Child Process |
| Unmonitor | End Time: 00:03:23, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x55f4 |
| Parent PID | 0x55d4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
55F8
0x
55FC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000a98c060000 | 0xa98c060000 | 0xa98c07ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a98c060000 | 0xa98c060000 | 0xa98c06ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a98c070000 | 0xa98c070000 | 0xa98c076fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a98c080000 | 0xa98c080000 | 0xa98c093fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a98c0a0000 | 0xa98c0a0000 | 0xa98c11ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a98c120000 | 0xa98c120000 | 0xa98c123fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a98c130000 | 0xa98c130000 | 0xa98c130fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a98c140000 | 0xa98c140000 | 0xa98c141fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xa98c150000 | 0xa98c20dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a98c210000 | 0xa98c210000 | 0xa98c28ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a98c290000 | 0xa98c290000 | 0xa98c296fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xa98c2a0000 | 0xa98c2a2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xa98c2b0000 | 0xa98c2e1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a98c310000 | 0xa98c310000 | 0xa98c40ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a98c4e0000 | 0xa98c4e0000 | 0xa98c4effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffb60000 | 0x7df5ffb60000 | 0x7ff5ffb5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6483c0000 | 0x7ff6483c0000 | 0x7ff6484bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6484c0000 | 0x7ff6484c0000 | 0x7ff6484e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6484eb000 | 0x7ff6484eb000 | 0x7ff6484ecfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484ed000 | 0x7ff6484ed000 | 0x7ff6484eefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6484ef000 | 0x7ff6484ef000 | 0x7ff6484effff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x55f8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xa98c2a0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #93: net.exe
0
0
| Information | Value |
|---|---|
| ID | #93 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:31, Reason: Child Process |
| Unmonitor | End Time: 00:03:33, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58ac |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58B0
0x
58E4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006db7600000 | 0x6db7600000 | 0x6db761ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006db7620000 | 0x6db7620000 | 0x6db7633fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006db7640000 | 0x6db7640000 | 0x6db76bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006db76c0000 | 0x6db76c0000 | 0x6db76c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006db76d0000 | 0x6db76d0000 | 0x6db76d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006db76e0000 | 0x6db76e0000 | 0x6db76e1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff280000 | 0x7df5ff280000 | 0x7ff5ff27ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca060000 | 0x7ff7ca060000 | 0x7ff7ca082fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca08a000 | 0x7ff7ca08a000 | 0x7ff7ca08afff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca08e000 | 0x7ff7ca08e000 | 0x7ff7ca08ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #95: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #95 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:32, Reason: Child Process |
| Unmonitor | End Time: 00:03:33, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58e8 |
| Parent PID | 0x58ac (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58EC
0x
58F0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e7b0940000 | 0xe7b0940000 | 0xe7b095ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b0940000 | 0xe7b0940000 | 0xe7b094ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e7b0950000 | 0xe7b0950000 | 0xe7b0956fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b0960000 | 0xe7b0960000 | 0xe7b0973fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e7b0980000 | 0xe7b0980000 | 0xe7b09fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b0a00000 | 0xe7b0a00000 | 0xe7b0a03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e7b0a10000 | 0xe7b0a10000 | 0xe7b0a10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e7b0a20000 | 0xe7b0a20000 | 0xe7b0a21fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe7b0a30000 | 0xe7b0aedfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e7b0af0000 | 0xe7b0af0000 | 0xe7b0af6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe7b0b00000 | 0xe7b0b02fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xe7b0b10000 | 0xe7b0b41fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e7b0b60000 | 0xe7b0b60000 | 0xe7b0c5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000e7b0c60000 | 0xe7b0c60000 | 0xe7b0cdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000e7b0e50000 | 0xe7b0e50000 | 0xe7b0e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff550000 | 0x7df5ff550000 | 0x7ff5ff54ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648300000 | 0x7ff648300000 | 0x7ff6483fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648400000 | 0x7ff648400000 | 0x7ff648422fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648424000 | 0x7ff648424000 | 0x7ff648424fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64842c000 | 0x7ff64842c000 | 0x7ff64842dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64842e000 | 0x7ff64842e000 | 0x7ff64842ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4fdf0000 | 0x7ffc4fe03fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x58ec
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe7b0b00000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #96: net.exe
0
0
| Information | Value |
|---|---|
| ID | #96 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:33, Reason: Child Process |
| Unmonitor | End Time: 00:03:35, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5a48 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5A4C
0x
5A68
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008c57a60000 | 0x8c57a60000 | 0x8c57a7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008c57a80000 | 0x8c57a80000 | 0x8c57a93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008c57aa0000 | 0x8c57aa0000 | 0x8c57b1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008c57b20000 | 0x8c57b20000 | 0x8c57b23fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008c57b30000 | 0x8c57b30000 | 0x8c57b30fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008c57b40000 | 0x8c57b40000 | 0x8c57b41fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff730000 | 0x7df5ff730000 | 0x7ff5ff72ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9cf0000 | 0x7ff7c9cf0000 | 0x7ff7c9d12fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9d13000 | 0x7ff7c9d13000 | 0x7ff7c9d13fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9d1e000 | 0x7ff7c9d1e000 | 0x7ff7c9d1ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #98: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #98 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:34, Reason: Child Process |
| Unmonitor | End Time: 00:03:35, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5a6c |
| Parent PID | 0x5a48 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5A70
0x
5A74
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000004f68180000 | 0x4f68180000 | 0x4f6819ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004f68180000 | 0x4f68180000 | 0x4f6818ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000004f68190000 | 0x4f68190000 | 0x4f68196fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004f681a0000 | 0x4f681a0000 | 0x4f681b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004f681c0000 | 0x4f681c0000 | 0x4f6823ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004f68240000 | 0x4f68240000 | 0x4f68243fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004f68250000 | 0x4f68250000 | 0x4f68250fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004f68260000 | 0x4f68260000 | 0x4f68261fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x4f68270000 | 0x4f6832dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004f68330000 | 0x4f68330000 | 0x4f683affff | Private Memory | rw |
|
|
|
- |
| private_0x0000004f683b0000 | 0x4f683b0000 | 0x4f683b6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x4f683c0000 | 0x4f683c2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000004f683e0000 | 0x4f683e0000 | 0x4f684dffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x4f684e0000 | 0x4f68511fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004f686d0000 | 0x4f686d0000 | 0x4f686dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff560000 | 0x7df5ff560000 | 0x7ff5ff55ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648df0000 | 0x7ff648df0000 | 0x7ff648eeffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648ef0000 | 0x7ff648ef0000 | 0x7ff648f12fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648f1b000 | 0x7ff648f1b000 | 0x7ff648f1cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648f1d000 | 0x7ff648f1d000 | 0x7ff648f1efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648f1f000 | 0x7ff648f1f000 | 0x7ff648f1ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5a70
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x4f683c0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #99: net.exe
0
0
| Information | Value |
|---|---|
| ID | #99 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5b98 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5B9C
0x
5BF4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000d6a4350000 | 0xd6a4350000 | 0xd6a436ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d6a4370000 | 0xd6a4370000 | 0xd6a4383fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d6a4390000 | 0xd6a4390000 | 0xd6a440ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d6a4410000 | 0xd6a4410000 | 0xd6a4413fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d6a4420000 | 0xd6a4420000 | 0xd6a4420fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d6a4430000 | 0xd6a4430000 | 0xd6a4431fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff480000 | 0x7df5ff480000 | 0x7ff5ff47ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9cc0000 | 0x7ff7c9cc0000 | 0x7ff7c9ce2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9ced000 | 0x7ff7c9ced000 | 0x7ff7c9cedfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9cee000 | 0x7ff7c9cee000 | 0x7ff7c9ceffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #101: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #101 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:43, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58f0 |
| Parent PID | 0x5b98 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58B0
0x
58C0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000079fb3a0000 | 0x79fb3a0000 | 0x79fb3bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079fb3a0000 | 0x79fb3a0000 | 0x79fb3affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000079fb3b0000 | 0x79fb3b0000 | 0x79fb3b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079fb3c0000 | 0x79fb3c0000 | 0x79fb3d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000079fb3e0000 | 0x79fb3e0000 | 0x79fb45ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000079fb460000 | 0x79fb460000 | 0x79fb463fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000079fb470000 | 0x79fb470000 | 0x79fb470fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000079fb480000 | 0x79fb480000 | 0x79fb481fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x79fb490000 | 0x79fb54dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000079fb550000 | 0x79fb550000 | 0x79fb5cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000079fb5d0000 | 0x79fb5d0000 | 0x79fb6cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000079fb6d0000 | 0x79fb6d0000 | 0x79fb6d6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x79fb6e0000 | 0x79fb6e2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x79fb6f0000 | 0x79fb721fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000079fb870000 | 0x79fb870000 | 0x79fb87ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffcf0000 | 0x7df5ffcf0000 | 0x7ff5ffceffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648040000 | 0x7ff648040000 | 0x7ff64813ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648140000 | 0x7ff648140000 | 0x7ff648162fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64816a000 | 0x7ff64816a000 | 0x7ff64816bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64816c000 | 0x7ff64816c000 | 0x7ff64816dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64816e000 | 0x7ff64816e000 | 0x7ff64816efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x58b0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x79fb6e0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #102: net.exe
0
0
| Information | Value |
|---|---|
| ID | #102 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:43, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x43b8 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4038
0x
5BCC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000a004570000 | 0xa004570000 | 0xa00458ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a004590000 | 0xa004590000 | 0xa0045a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a0045b0000 | 0xa0045b0000 | 0xa00462ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a004630000 | 0xa004630000 | 0xa004633fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a004640000 | 0xa004640000 | 0xa004640fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a004650000 | 0xa004650000 | 0xa004651fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff380000 | 0x7df5ff380000 | 0x7ff5ff37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca030000 | 0x7ff7ca030000 | 0x7ff7ca052fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca053000 | 0x7ff7ca053000 | 0x7ff7ca053fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca05e000 | 0x7ff7ca05e000 | 0x7ff7ca05ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #104: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #104 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:44, Reason: Child Process |
| Unmonitor | End Time: 00:03:44, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5c64 |
| Parent PID | 0x43b8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5C68
0x
5C6C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000048a5a10000 | 0x48a5a10000 | 0x48a5a2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000048a5a10000 | 0x48a5a10000 | 0x48a5a1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000048a5a20000 | 0x48a5a20000 | 0x48a5a26fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000048a5a30000 | 0x48a5a30000 | 0x48a5a43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000048a5a50000 | 0x48a5a50000 | 0x48a5acffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000048a5ad0000 | 0x48a5ad0000 | 0x48a5ad3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000048a5ae0000 | 0x48a5ae0000 | 0x48a5ae0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000048a5af0000 | 0x48a5af0000 | 0x48a5af1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x48a5b00000 | 0x48a5bbdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000048a5bc0000 | 0x48a5bc0000 | 0x48a5bc6fff | Private Memory | rw |
|
|
|
- |
| private_0x00000048a5bd0000 | 0x48a5bd0000 | 0x48a5ccffff | Private Memory | rw |
|
|
|
- |
| private_0x00000048a5cd0000 | 0x48a5cd0000 | 0x48a5d4ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x48a5d50000 | 0x48a5d52fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x48a5d60000 | 0x48a5d91fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000048a5f00000 | 0x48a5f00000 | 0x48a5f0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff310000 | 0x7df5ff310000 | 0x7ff5ff30ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648b60000 | 0x7ff648b60000 | 0x7ff648c5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648c60000 | 0x7ff648c60000 | 0x7ff648c82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648c8b000 | 0x7ff648c8b000 | 0x7ff648c8cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c8d000 | 0x7ff648c8d000 | 0x7ff648c8efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648c8f000 | 0x7ff648c8f000 | 0x7ff648c8ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5c68
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x48a5d50000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #105: net.exe
0
0
| Information | Value |
|---|---|
| ID | #105 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:52, Reason: Child Process |
| Unmonitor | End Time: 00:03:54, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5ef0 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5EF4
0x
5F0C
0x
5F10
0x
5F14
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e4f33e0000 | 0xe4f33e0000 | 0xe4f33fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e4f3400000 | 0xe4f3400000 | 0xe4f3413fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e4f3420000 | 0xe4f3420000 | 0xe4f349ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e4f34a0000 | 0xe4f34a0000 | 0xe4f34a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e4f34b0000 | 0xe4f34b0000 | 0xe4f34b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e4f34c0000 | 0xe4f34c0000 | 0xe4f34c1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffed0000 | 0x7df5ffed0000 | 0x7ff5ffecffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca020000 | 0x7ff7ca020000 | 0x7ff7ca042fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca04a000 | 0x7ff7ca04a000 | 0x7ff7ca04afff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca04e000 | 0x7ff7ca04e000 | 0x7ff7ca04ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #107: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #107 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:53, Reason: Child Process |
| Unmonitor | End Time: 00:03:53, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5f18 |
| Parent PID | 0x5ef0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F1C
0x
5F20
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ba17690000 | 0xba17690000 | 0xba176affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba17690000 | 0xba17690000 | 0xba1769ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ba176a0000 | 0xba176a0000 | 0xba176a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba176b0000 | 0xba176b0000 | 0xba176c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ba176d0000 | 0xba176d0000 | 0xba1774ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ba17750000 | 0xba17750000 | 0xba17753fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ba17760000 | 0xba17760000 | 0xba17760fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ba17770000 | 0xba17770000 | 0xba17771fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ba17780000 | 0xba17780000 | 0xba177fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ba17800000 | 0xba17800000 | 0xba17806fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xba17810000 | 0xba17812fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ba17820000 | 0xba17820000 | 0xba1782ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ba17830000 | 0xba17830000 | 0xba1792ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xba17930000 | 0xba179edfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0xba179f0000 | 0xba17a21fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff2e0000 | 0x7df5ff2e0000 | 0x7ff5ff2dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648640000 | 0x7ff648640000 | 0x7ff64873ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648740000 | 0x7ff648740000 | 0x7ff648762fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648768000 | 0x7ff648768000 | 0x7ff648768fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64876c000 | 0x7ff64876c000 | 0x7ff64876dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64876e000 | 0x7ff64876e000 | 0x7ff64876ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5f1c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xba17810000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #108: net.exe
0
0
| Information | Value |
|---|---|
| ID | #108 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:54, Reason: Child Process |
| Unmonitor | End Time: 00:03:55, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5f60 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F64
0x
5F8C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000091b7730000 | 0x91b7730000 | 0x91b774ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000091b7750000 | 0x91b7750000 | 0x91b7763fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000091b7770000 | 0x91b7770000 | 0x91b77effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000091b77f0000 | 0x91b77f0000 | 0x91b77f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000091b7800000 | 0x91b7800000 | 0x91b7800fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000091b7810000 | 0x91b7810000 | 0x91b7811fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffdf0000 | 0x7df5ffdf0000 | 0x7ff5ffdeffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9f30000 | 0x7ff7c9f30000 | 0x7ff7c9f52fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9f58000 | 0x7ff7c9f58000 | 0x7ff7c9f58fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9f5e000 | 0x7ff7c9f5e000 | 0x7ff7c9f5ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #110: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #110 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:54, Reason: Child Process |
| Unmonitor | End Time: 00:03:55, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5f90 |
| Parent PID | 0x5f60 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F94
0x
5F98
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b260050000 | 0xb260050000 | 0xb26006ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b260050000 | 0xb260050000 | 0xb26005ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b260060000 | 0xb260060000 | 0xb260066fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b260070000 | 0xb260070000 | 0xb260083fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b260090000 | 0xb260090000 | 0xb26010ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b260110000 | 0xb260110000 | 0xb260113fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b260120000 | 0xb260120000 | 0xb260120fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b260130000 | 0xb260130000 | 0xb260131fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb260140000 | 0xb2601fdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b260200000 | 0xb260200000 | 0xb26027ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b260280000 | 0xb260280000 | 0xb260286fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xb260290000 | 0xb260292fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xb2602a0000 | 0xb2602d1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b260300000 | 0xb260300000 | 0xb2603fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b260530000 | 0xb260530000 | 0xb26053ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5fff80000 | 0x7df5fff80000 | 0x7ff5fff7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff647f30000 | 0x7ff647f30000 | 0x7ff64802ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648030000 | 0x7ff648030000 | 0x7ff648052fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64805a000 | 0x7ff64805a000 | 0x7ff64805bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64805c000 | 0x7ff64805c000 | 0x7ff64805dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64805e000 | 0x7ff64805e000 | 0x7ff64805efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5f94
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xb260290000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #111: net.exe
0
0
| Information | Value |
|---|---|
| ID | #111 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:03, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x605c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6060
0x
6198
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000008082a50000 | 0x8082a50000 | 0x8082a6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008082a70000 | 0x8082a70000 | 0x8082a83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008082a90000 | 0x8082a90000 | 0x8082b0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000008082b10000 | 0x8082b10000 | 0x8082b13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000008082b20000 | 0x8082b20000 | 0x8082b20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000008082b30000 | 0x8082b30000 | 0x8082b31fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff870000 | 0x7df5ff870000 | 0x7ff5ff86ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca010000 | 0x7ff7ca010000 | 0x7ff7ca032fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca035000 | 0x7ff7ca035000 | 0x7ff7ca035fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca03e000 | 0x7ff7ca03e000 | 0x7ff7ca03ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #113: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #113 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:04, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x619c |
| Parent PID | 0x605c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
61A0
0x
61B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000500cf50000 | 0x500cf50000 | 0x500cf6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000500cf50000 | 0x500cf50000 | 0x500cf5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000500cf60000 | 0x500cf60000 | 0x500cf66fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000500cf70000 | 0x500cf70000 | 0x500cf83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000500cf90000 | 0x500cf90000 | 0x500d00ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000500d010000 | 0x500d010000 | 0x500d013fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000500d020000 | 0x500d020000 | 0x500d020fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000500d030000 | 0x500d030000 | 0x500d031fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x500d040000 | 0x500d0fdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000500d100000 | 0x500d100000 | 0x500d17ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000500d180000 | 0x500d180000 | 0x500d186fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x500d190000 | 0x500d192fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000500d1b0000 | 0x500d1b0000 | 0x500d2affff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x500d2b0000 | 0x500d2e1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000500d3f0000 | 0x500d3f0000 | 0x500d3fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff050000 | 0x7df5ff050000 | 0x7ff5ff04ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648d20000 | 0x7ff648d20000 | 0x7ff648e1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648e20000 | 0x7ff648e20000 | 0x7ff648e42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648e4b000 | 0x7ff648e4b000 | 0x7ff648e4cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648e4d000 | 0x7ff648e4d000 | 0x7ff648e4efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff648e4f000 | 0x7ff648e4f000 | 0x7ff648e4ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x61a0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x500d190000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #114: net.exe
0
0
| Information | Value |
|---|---|
| ID | #114 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:04, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x61f4 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
61F8
0x
6214
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ecc71d0000 | 0xecc71d0000 | 0xecc71effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ecc71f0000 | 0xecc71f0000 | 0xecc7203fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ecc7210000 | 0xecc7210000 | 0xecc728ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ecc7290000 | 0xecc7290000 | 0xecc7293fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ecc72a0000 | 0xecc72a0000 | 0xecc72a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ecc72b0000 | 0xecc72b0000 | 0xecc72b1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2d0000 | 0x7df5ff2d0000 | 0x7ff5ff2cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7cab60000 | 0x7ff7cab60000 | 0x7ff7cab82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7cab84000 | 0x7ff7cab84000 | 0x7ff7cab84fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cab8e000 | 0x7ff7cab8e000 | 0x7ff7cab8ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #116: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #116 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:05, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6218 |
| Parent PID | 0x61f4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
621C
0x
6220
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ec67910000 | 0xec67910000 | 0xec6792ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ec67910000 | 0xec67910000 | 0xec6791ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ec67920000 | 0xec67920000 | 0xec67926fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ec67930000 | 0xec67930000 | 0xec67943fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ec67950000 | 0xec67950000 | 0xec679cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ec679d0000 | 0xec679d0000 | 0xec679d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ec679e0000 | 0xec679e0000 | 0xec679e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ec679f0000 | 0xec679f0000 | 0xec679f1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ec67a00000 | 0xec67a00000 | 0xec67a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ec67a80000 | 0xec67a80000 | 0xec67b7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xec67b80000 | 0xec67c3dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ec67c40000 | 0xec67c40000 | 0xec67c46fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xec67c50000 | 0xec67c52fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xec67c60000 | 0xec67c91fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ec67cc0000 | 0xec67cc0000 | 0xec67ccffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffca0000 | 0x7df5ffca0000 | 0x7ff5ffc9ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648860000 | 0x7ff648860000 | 0x7ff64895ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648960000 | 0x7ff648960000 | 0x7ff648982fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648986000 | 0x7ff648986000 | 0x7ff648986fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64898c000 | 0x7ff64898c000 | 0x7ff64898dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64898e000 | 0x7ff64898e000 | 0x7ff64898ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x621c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xec67c50000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #117: net.exe
0
0
| Information | Value |
|---|---|
| ID | #117 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:13, Reason: Child Process |
| Unmonitor | End Time: 00:04:15, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x66d0 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
66D4
0x
6740
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006d16540000 | 0x6d16540000 | 0x6d1655ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006d16560000 | 0x6d16560000 | 0x6d16573fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006d16580000 | 0x6d16580000 | 0x6d165fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006d16600000 | 0x6d16600000 | 0x6d16603fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006d16610000 | 0x6d16610000 | 0x6d16610fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006d16620000 | 0x6d16620000 | 0x6d16621fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff4d0000 | 0x7df5ff4d0000 | 0x7ff5ff4cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca4b0000 | 0x7ff7ca4b0000 | 0x7ff7ca4d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca4dc000 | 0x7ff7ca4dc000 | 0x7ff7ca4ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca4de000 | 0x7ff7ca4de000 | 0x7ff7ca4defff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #119: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #119 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:14, Reason: Child Process |
| Unmonitor | End Time: 00:04:15, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6744 |
| Parent PID | 0x66d0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6748
0x
674C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000d9f1d90000 | 0xd9f1d90000 | 0xd9f1daffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d9f1d90000 | 0xd9f1d90000 | 0xd9f1d9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000d9f1da0000 | 0xd9f1da0000 | 0xd9f1da6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d9f1db0000 | 0xd9f1db0000 | 0xd9f1dc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d9f1dd0000 | 0xd9f1dd0000 | 0xd9f1e4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d9f1e50000 | 0xd9f1e50000 | 0xd9f1e53fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d9f1e60000 | 0xd9f1e60000 | 0xd9f1e60fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d9f1e70000 | 0xd9f1e70000 | 0xd9f1e71fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xd9f1e80000 | 0xd9f1f3dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d9f1f40000 | 0xd9f1f40000 | 0xd9f1fbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d9f1fc0000 | 0xd9f1fc0000 | 0xd9f1fc6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xd9f1fd0000 | 0xd9f1fd2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xd9f1fe0000 | 0xd9f2011fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d9f2050000 | 0xd9f2050000 | 0xd9f214ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d9f22c0000 | 0xd9f22c0000 | 0xd9f22cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5a0000 | 0x7df5ff5a0000 | 0x7ff5ff59ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff6483f0000 | 0x7ff6483f0000 | 0x7ff6484effff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6484f0000 | 0x7ff6484f0000 | 0x7ff648512fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648517000 | 0x7ff648517000 | 0x7ff648517fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64851c000 | 0x7ff64851c000 | 0x7ff64851dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64851e000 | 0x7ff64851e000 | 0x7ff64851ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x6748
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xd9f1fd0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #120: net.exe
0
0
| Information | Value |
|---|---|
| ID | #120 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:15, Reason: Child Process |
| Unmonitor | End Time: 00:04:17, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x678c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6790
0x
67B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000a9def90000 | 0xa9def90000 | 0xa9defaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a9defb0000 | 0xa9defb0000 | 0xa9defc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a9defd0000 | 0xa9defd0000 | 0xa9df04ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a9df050000 | 0xa9df050000 | 0xa9df053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a9df060000 | 0xa9df060000 | 0xa9df060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a9df070000 | 0xa9df070000 | 0xa9df071fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff240000 | 0x7df5ff240000 | 0x7ff5ff23ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca440000 | 0x7ff7ca440000 | 0x7ff7ca462fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca465000 | 0x7ff7ca465000 | 0x7ff7ca465fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca46e000 | 0x7ff7ca46e000 | 0x7ff7ca46ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #122: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #122 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:15, Reason: Child Process |
| Unmonitor | End Time: 00:04:16, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x67cc |
| Parent PID | 0x678c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
67D0
0x
67D4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000197f430000 | 0x197f430000 | 0x197f44ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000197f430000 | 0x197f430000 | 0x197f43ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000197f440000 | 0x197f440000 | 0x197f446fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000197f450000 | 0x197f450000 | 0x197f463fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000197f470000 | 0x197f470000 | 0x197f4effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000197f4f0000 | 0x197f4f0000 | 0x197f4f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000197f500000 | 0x197f500000 | 0x197f500fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000197f510000 | 0x197f510000 | 0x197f511fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x197f520000 | 0x197f5ddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000197f5e0000 | 0x197f5e0000 | 0x197f65ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000197f660000 | 0x197f660000 | 0x197f75ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000197f760000 | 0x197f760000 | 0x197f766fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x197f770000 | 0x197f772fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x197f780000 | 0x197f7b1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000197f880000 | 0x197f880000 | 0x197f88ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff030000 | 0x7df5ff030000 | 0x7ff5ff02ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff647f90000 | 0x7ff647f90000 | 0x7ff64808ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648090000 | 0x7ff648090000 | 0x7ff6480b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6480bb000 | 0x7ff6480bb000 | 0x7ff6480bcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6480bd000 | 0x7ff6480bd000 | 0x7ff6480bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6480be000 | 0x7ff6480be000 | 0x7ff6480bffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x67d0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x197f770000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #123: net.exe
0
0
| Information | Value |
|---|---|
| ID | #123 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:23, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6a14 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6A18
0x
6A40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000174f820000 | 0x174f820000 | 0x174f83ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000174f840000 | 0x174f840000 | 0x174f853fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000174f860000 | 0x174f860000 | 0x174f8dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000174f8e0000 | 0x174f8e0000 | 0x174f8e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000174f8f0000 | 0x174f8f0000 | 0x174f8f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000174f900000 | 0x174f900000 | 0x174f901fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5fff70000 | 0x7df5fff70000 | 0x7ff5fff6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7cabf0000 | 0x7ff7cabf0000 | 0x7ff7cac12fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7cac1d000 | 0x7ff7cac1d000 | 0x7ff7cac1efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7cac1f000 | 0x7ff7cac1f000 | 0x7ff7cac1ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #125: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #125 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:24, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6a44 |
| Parent PID | 0x6a14 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6A48
0x
6A4C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000294d3b0000 | 0x294d3b0000 | 0x294d3cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000294d3b0000 | 0x294d3b0000 | 0x294d3bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000294d3c0000 | 0x294d3c0000 | 0x294d3c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000294d3d0000 | 0x294d3d0000 | 0x294d3e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000294d3f0000 | 0x294d3f0000 | 0x294d46ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000294d470000 | 0x294d470000 | 0x294d473fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000294d480000 | 0x294d480000 | 0x294d480fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000294d490000 | 0x294d490000 | 0x294d491fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x294d4a0000 | 0x294d55dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000294d560000 | 0x294d560000 | 0x294d5dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000294d5e0000 | 0x294d5e0000 | 0x294d5e6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x294d5f0000 | 0x294d5f2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x294d600000 | 0x294d631fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000294d670000 | 0x294d670000 | 0x294d76ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000294d810000 | 0x294d810000 | 0x294d81ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff070000 | 0x7df5ff070000 | 0x7ff5ff06ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648180000 | 0x7ff648180000 | 0x7ff64827ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648280000 | 0x7ff648280000 | 0x7ff6482a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6482ab000 | 0x7ff6482ab000 | 0x7ff6482acfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482ad000 | 0x7ff6482ad000 | 0x7ff6482aefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482af000 | 0x7ff6482af000 | 0x7ff6482affff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x6a48
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x294d5f0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #126: net.exe
0
0
| Information | Value |
|---|---|
| ID | #126 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:26, Reason: Child Process |
| Unmonitor | End Time: 00:04:28, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6ccc |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6CD0
0x
6DF8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000973cdc0000 | 0x973cdc0000 | 0x973cddffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973cde0000 | 0x973cde0000 | 0x973cdf3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000973ce00000 | 0x973ce00000 | 0x973ce7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973ce80000 | 0x973ce80000 | 0x973ce83fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000973ce90000 | 0x973ce90000 | 0x973ce90fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000973cea0000 | 0x973cea0000 | 0x973cea1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff770000 | 0x7df5ff770000 | 0x7ff5ff76ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7c9d00000 | 0x7ff7c9d00000 | 0x7ff7c9d22fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7c9d2c000 | 0x7ff7c9d2c000 | 0x7ff7c9d2cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7c9d2e000 | 0x7ff7c9d2e000 | 0x7ff7c9d2ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #128: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #128 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:27, Reason: Child Process |
| Unmonitor | End Time: 00:04:28, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6e14 |
| Parent PID | 0x6ccc (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6E18
0x
6F70
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000f40ecf0000 | 0xf40ecf0000 | 0xf40ed0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f40ecf0000 | 0xf40ecf0000 | 0xf40ecfffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000f40ed00000 | 0xf40ed00000 | 0xf40ed06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f40ed10000 | 0xf40ed10000 | 0xf40ed23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f40ed30000 | 0xf40ed30000 | 0xf40edaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f40edb0000 | 0xf40edb0000 | 0xf40edb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000f40edc0000 | 0xf40edc0000 | 0xf40edc0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f40edd0000 | 0xf40edd0000 | 0xf40edd1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000f40ede0000 | 0xf40ede0000 | 0xf40ede6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xf40edf0000 | 0xf40edf2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000f40ee30000 | 0xf40ee30000 | 0xf40ef2ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf40ef30000 | 0xf40efedfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f40eff0000 | 0xf40eff0000 | 0xf40f06ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xf40f070000 | 0xf40f0a1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f40f1a0000 | 0xf40f1a0000 | 0xf40f1affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffb70000 | 0x7df5ffb70000 | 0x7ff5ffb6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648180000 | 0x7ff648180000 | 0x7ff64827ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648280000 | 0x7ff648280000 | 0x7ff6482a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6482aa000 | 0x7ff6482aa000 | 0x7ff6482abfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482ac000 | 0x7ff6482ac000 | 0x7ff6482adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6482ae000 | 0x7ff6482ae000 | 0x7ff6482aefff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x6e18
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xf40edf0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #129: net.exe
0
0
| Information | Value |
|---|---|
| ID | #129 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:34, Reason: Child Process |
| Unmonitor | End Time: 00:04:35, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x722c |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7230
0x
7280
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000048176c0000 | 0x48176c0000 | 0x48176dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000048176e0000 | 0x48176e0000 | 0x48176f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004817700000 | 0x4817700000 | 0x481777ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004817780000 | 0x4817780000 | 0x4817783fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004817790000 | 0x4817790000 | 0x4817790fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000048177a0000 | 0x48177a0000 | 0x48177a1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff200000 | 0x7df5ff200000 | 0x7ff5ff1fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca000000 | 0x7ff7ca000000 | 0x7ff7ca022fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca028000 | 0x7ff7ca028000 | 0x7ff7ca028fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca02e000 | 0x7ff7ca02e000 | 0x7ff7ca02ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #131: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #131 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:34, Reason: Child Process |
| Unmonitor | End Time: 00:04:35, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7284 |
| Parent PID | 0x722c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7288
0x
728C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b9adc70000 | 0xb9adc70000 | 0xb9adc8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9adc70000 | 0xb9adc70000 | 0xb9adc7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b9adc80000 | 0xb9adc80000 | 0xb9adc86fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9adc90000 | 0xb9adc90000 | 0xb9adca3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b9adcb0000 | 0xb9adcb0000 | 0xb9add2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9add30000 | 0xb9add30000 | 0xb9add33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b9add40000 | 0xb9add40000 | 0xb9add40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b9add50000 | 0xb9add50000 | 0xb9add51fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb9add60000 | 0xb9ade1dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b9ade20000 | 0xb9ade20000 | 0xb9ade9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b9adea0000 | 0xb9adea0000 | 0xb9adea6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xb9adeb0000 | 0xb9adeb2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000b9adee0000 | 0xb9adee0000 | 0xb9adfdffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xb9adfe0000 | 0xb9ae011fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b9ae060000 | 0xb9ae060000 | 0xb9ae06ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff160000 | 0x7df5ff160000 | 0x7ff5ff15ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648220000 | 0x7ff648220000 | 0x7ff64831ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648320000 | 0x7ff648320000 | 0x7ff648342fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff64834b000 | 0x7ff64834b000 | 0x7ff64834cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64834d000 | 0x7ff64834d000 | 0x7ff64834efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64834f000 | 0x7ff64834f000 | 0x7ff64834ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x7288
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xb9adeb0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #132: net.exe
0
0
| Information | Value |
|---|---|
| ID | #132 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:36, Reason: Child Process |
| Unmonitor | End Time: 00:04:38, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7298 |
| Parent PID | 0xf08 (c:\users\ciihmnxmn6ps\desktop\zotci.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
729C
0x
72B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000fc23da0000 | 0xfc23da0000 | 0xfc23dbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fc23dc0000 | 0xfc23dc0000 | 0xfc23dd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fc23de0000 | 0xfc23de0000 | 0xfc23e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fc23e60000 | 0xfc23e60000 | 0xfc23e63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000fc23e70000 | 0xfc23e70000 | 0xfc23e70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fc23e80000 | 0xfc23e80000 | 0xfc23e81fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffc80000 | 0x7df5ffc80000 | 0x7ff5ffc7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7ca980000 | 0x7ff7ca980000 | 0x7ff7ca9a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7ca9ad000 | 0x7ff7ca9ad000 | 0x7ff7ca9aefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7ca9af000 | 0x7ff7ca9af000 | 0x7ff7ca9affff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7cac30000 | 0x7ff7cac4cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #134: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #134 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:36, Reason: Child Process |
| Unmonitor | End Time: 00:04:38, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x72b8 |
| Parent PID | 0x7298 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
72BC
0x
72C0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000f71b7c0000 | 0xf71b7c0000 | 0xf71b7dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f71b7c0000 | 0xf71b7c0000 | 0xf71b7cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000f71b7d0000 | 0xf71b7d0000 | 0xf71b7d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f71b7e0000 | 0xf71b7e0000 | 0xf71b7f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f71b800000 | 0xf71b800000 | 0xf71b87ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f71b880000 | 0xf71b880000 | 0xf71b883fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000f71b890000 | 0xf71b890000 | 0xf71b890fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f71b8a0000 | 0xf71b8a0000 | 0xf71b8a1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000f71b8b0000 | 0xf71b8b0000 | 0xf71b8b6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xf71b8c0000 | 0xf71b8c2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000f71b8e0000 | 0xf71b8e0000 | 0xf71b9dffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf71b9e0000 | 0xf71ba9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f71baa0000 | 0xf71baa0000 | 0xf71bb1ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xf71bb20000 | 0xf71bb51fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f71bc90000 | 0xf71bc90000 | 0xf71bc9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff220000 | 0x7df5ff220000 | 0x7ff5ff21ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff648140000 | 0x7ff648140000 | 0x7ff64823ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff648240000 | 0x7ff648240000 | 0x7ff648262fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff648263000 | 0x7ff648263000 | 0x7ff648263fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64826c000 | 0x7ff64826c000 | 0x7ff64826dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff64826e000 | 0x7ff64826e000 | 0x7ff64826ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff648fb0000 | 0x7ff648febfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d480000 | 0x7ffc4d493fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x72bc
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff648fb0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xf71b8c0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
